Windows Analysis Report purchase order Nl32855 (1).exe

Overview

General Information

Sample Name: purchase order Nl32855 (1).exe
Analysis ID: 526200
MD5: c466151570c893f56d548a9689155656
SHA1: 3e779ff5c71f319fc2d3bd4fc577c4769873c47c
SHA256: dee5267af261b8e291b83b01b12c4149204b20754cd1714bd974ae1dae447a44
Tags: exe, NanoCore, RAT

Detection

Nanocore
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Malicious sample detected (through community Yara rule)
Sigma detected: NanoCore
Yara detected AntiVM3
Detected Nanocore Rat
Multi AV Scanner detection for dropped file
Yara detected Nanocore RAT
Initial sample is a PE file and has a suspicious name
Connects to many ports of the same IP (likely port scanning)
Protects its processes via BreakOnTermination flag
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Sigma detected: Suspicius Add Task From User AppData Temp
Machine Learning detection for sample
.NET source code contains potential unpacker
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
C2 URLs / IPs found in malware configuration
Hides that the sample has been downloaded from the Internet (zone.identifier)
Uses schtasks.exe or at.exe to add and modify task schedules
Uses dynamic DNS services
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
PE file contains executable resources (Code or Archives)
Contains long sleeps (>= 3 min)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Installs a raw input device (often for capturing keystrokes)
Sample file is different than original file name gathered from version info
Drops PE files
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Detected TCP or UDP traffic on non-standard ports
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Creates a process in suspended mode (likely to inject code)

Process Tree

  • System is w10x64
  • purchase order Nl32855 (1).exe (PID: 6824 cmdline: "C:\Users\user\Desktop\purchase order Nl32855 (1).exe" MD5: C466151570C893F56D548A9689155656)
    • schtasks.exe (PID: 5936 cmdline: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\qZEskWcTYJLciB" /XML "C:\Users\user\AppData\Local\Temp\tmpB6B0.tmp MD5: 15FF7D8324231381BAD48A052F85DF04)
      • conhost.exe (PID: 1328 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • purchase order Nl32855 (1).exe (PID: 1668 cmdline: {path} MD5: C466151570C893F56D548A9689155656)
      • schtasks.exe (PID: 3396 cmdline: schtasks.exe" /create /f /tn "DHCP Monitor" /xml "C:\Users\user\AppData\Local\Temp\tmp1F1D.tmp MD5: 15FF7D8324231381BAD48A052F85DF04)
        • conhost.exe (PID: 5732 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • schtasks.exe (PID: 3296 cmdline: schtasks.exe" /create /f /tn "DHCP Monitor Task" /xml "C:\Users\user\AppData\Local\Temp\tmp2A39.tmp MD5: 15FF7D8324231381BAD48A052F85DF04)
        • conhost.exe (PID: 5648 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • purchase order Nl32855 (1).exe (PID: 4864 cmdline: "C:\Users\user\Desktop\purchase order Nl32855 (1).exe" 0 MD5: C466151570C893F56D548A9689155656)
    • schtasks.exe (PID: 6764 cmdline: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\qZEskWcTYJLciB" /XML "C:\Users\user\AppData\Local\Temp\tmpE496.tmp MD5: 15FF7D8324231381BAD48A052F85DF04)
      • conhost.exe (PID: 7028 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • dhcpmon.exe (PID: 6700 cmdline: "C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe" 0 MD5: C466151570C893F56D548A9689155656)
    • schtasks.exe (PID: 7044 cmdline: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\qZEskWcTYJLciB" /XML "C:\Users\user\AppData\Local\Temp\tmpF1A6.tmp MD5: 15FF7D8324231381BAD48A052F85DF04)
      • conhost.exe (PID: 4592 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • dhcpmon.exe (PID: 6252 cmdline: {path} MD5: C466151570C893F56D548A9689155656)
  • dhcpmon.exe (PID: 7084 cmdline: "C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe" MD5: C466151570C893F56D548A9689155656)
    • schtasks.exe (PID: 6864 cmdline: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\qZEskWcTYJLciB" /XML "C:\Users\user\AppData\Local\Temp\tmpD.tmp MD5: 15FF7D8324231381BAD48A052F85DF04)
      • conhost.exe (PID: 7152 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • dhcpmon.exe (PID: 5820 cmdline: {path} MD5: C466151570C893F56D548A9689155656)
    • dhcpmon.exe (PID: 2044 cmdline: {path} MD5: C466151570C893F56D548A9689155656)
    • dhcpmon.exe (PID: 5984 cmdline: {path} MD5: C466151570C893F56D548A9689155656)
  • cleanup

Malware Configuration

Threatname: NanoCore

{"Version": "1.2.2.0", "Mutex": "6c7be0fb-d973-4d3c-b342-92a2df7c", "Group": "Wiz", "Domain1": "lizaelock.ddns.net", "Domain2": "", "Port": 52149, "KeyboardLogging": "Enable", "RunOnStartup": "Enable", "RequestElevation": "Disable", "BypassUAC": "Enable", "ClearZoneIdentifier": "Enable", "ClearAccessControl": "Enable", "SetCriticalProcess": "Enable", "PreventSystemSleep": "Enable", "ActivateAwayMode": "Disable", "EnableDebugMode": "Disable", "RunDelay": 0, "ConnectDelay": 4000, "RestartDelay": 5000, "TimeoutInterval": 5000, "KeepAliveTimeout": 30000, "MutexTimeout": 5000, "LanTimeout": 2500, "WanTimeout": 8009, "BufferSize": "02000100", "MaxPacketSize": "", "GCThreshold": "", "BypassUserAccountControlData": "<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.2\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo />\r\n  <Triggers />\r\n  <Principals>\r\n    <Principal id=\"Author\">\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <IdleSettings>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <Priority>4</Priority>\r\n  </Settings>\r\n  <Actions Context=\"Author\">\r\n    <Exec>\r\n      
<Command>\"#EXECUTABLEPATH\"</Command>\r\n      <Arguments>$(Arg0)</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task"}

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000007.00000002.922693720.0000000006000000.00000004.00020000.sdmp | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth
  • 0xf7ad:$x1: NanoCore.ClientPluginHost
  • 0xf7da:$x2: IClientNetworkHost
00000007.00000002.922693720.0000000006000000.00000004.00020000.sdmp | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth
  • 0xf7ad:$x2: NanoCore.ClientPluginHost
  • 0x10888:$s4: PipeCreated
  • 0xf7c7:$s5: IClientLoggingHost
00000007.00000002.922693720.0000000006000000.00000004.00020000.sdmp | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security
00000010.00000000.700142323.0000000000402000.00000040.00000001.sdmp | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth
  • 0xff8d:$x1: NanoCore.ClientPluginHost
  • 0xffca:$x2: IClientNetworkHost
  • 0x13afd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
00000010.00000000.700142323.0000000000402000.00000040.00000001.sdmp | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security

Unpacked PEs

Source | Rule | Description | Author | Strings
16.2.purchase order Nl32855 (1).exe.434ec86.5.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth
  • 0x4083:$x1: NanoCore.ClientPluginHost
16.2.purchase order Nl32855 (1).exe.434ec86.5.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth
  • 0x4083:$x2: NanoCore.ClientPluginHost
  • 0x4161:$s4: PipeCreated
  • 0x409d:$s5: IClientLoggingHost
27.2.dhcpmon.exe.4513ac3.6.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth
  • 0x1646:$x1: NanoCore.ClientPluginHost
  • 0x151e3:$x1: NanoCore.ClientPluginHost
  • 0x2e17a:$x1: NanoCore.ClientPluginHost
  • 0x15210:$x2: IClientNetworkHost
  • 0x2e1a7:$x2: IClientNetworkHost
27.2.dhcpmon.exe.4513ac3.6.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth
  • 0x1646:$x2: NanoCore.ClientPluginHost
  • 0x151e3:$x2: NanoCore.ClientPluginHost
  • 0x2e17a:$x2: NanoCore.ClientPluginHost
  • 0x1724:$s4: PipeCreated
  • 0x162be:$s4: PipeCreated
  • 0x2f255:$s4: PipeCreated
  • 0x1660:$s5: IClientLoggingHost
  • 0x151fd:$s5: IClientLoggingHost
  • 0x2e194:$s5: IClientLoggingHost
27.2.dhcpmon.exe.4513ac3.6.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security

Sigma Overview

AV Detection:

Sigma detected: NanoCore
Source: File created, Author: Joe Security, Data: EventID: 11, Image: C:\Users\user\Desktop\purchase order Nl32855 (1).exe, ProcessId: 1668, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

E-Banking Fraud:

Sigma detected: NanoCore
Source: File created, Author: Joe Security, Data: EventID: 11, Image: C:\Users\user\Desktop\purchase order Nl32855 (1).exe, ProcessId: 1668, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

System Summary:

Sigma detected: Suspicius Add Task From User AppData Temp
Source: Process started, Author: frack113, Data: Command: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\qZEskWcTYJLciB" /XML "C:\Users\user\AppData\Local\Temp\tmpB6B0.tmp, CommandLine: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\qZEskWcTYJLciB" /XML "C:\Users\user\AppData\Local\Temp\tmpB6B0.tmp, CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\purchase order Nl32855 (1).exe" , ParentImage: C:\Users\user\Desktop\purchase order Nl32855 (1).exe, ParentProcessId: 6824, ProcessCommandLine: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\qZEskWcTYJLciB" /XML "C:\Users\user\AppData\Local\Temp\tmpB6B0.tmp, ProcessId: 5936

Stealing of Sensitive Information:

Sigma detected: NanoCore
Source: File created, Author: Joe Security, Data: EventID: 11, Image: C:\Users\user\Desktop\purchase order Nl32855 (1).exe, ProcessId: 1668, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

Remote Access Functionality:

Sigma detected: NanoCore
Source: File created, Author: Joe Security, Data: EventID: 11, Image: C:\Users\user\Desktop\purchase order Nl32855 (1).exe, ProcessId: 1668, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

Jbx Signature Overview

AV Detection:

Found malware configuration
Source: 00000014.00000002.729145629.0000000004881000.00000004.00000001.sdmp, Malware Configuration Extractor: NanoCore (same configuration as listed under Malware Configuration above)
Multi AV Scanner detection for dropped file
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe, ReversingLabs: Detection: 20%
Source: C:\Users\user\AppData\Roaming\qZEskWcTYJLciB.exe, ReversingLabs: Detection: 20%
Yara detected Nanocore RAT
Machine Learning detection for sample
Source: purchase order Nl32855 (1).exe, Joe Sandbox ML: detected
Machine Learning detection for dropped file
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe, Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Roaming\qZEskWcTYJLciB.exe, Joe Sandbox ML: detected
Source: 7.2.purchase order Nl32855 (1).exe.4482490.4.unpack, Avira: Label: TR/NanoCore.fadte
Source: 20.2.dhcpmon.exe.400000.0.unpack, Avira: Label: TR/Dropper.MSIL.Gen7
Source: 20.0.dhcpmon.exe.400000.6.unpack, Avira: Label: TR/Dropper.MSIL.Gen7
Source: 27.0.dhcpmon.exe.400000.4.unpack, Avira: Label: TR/Dropper.MSIL.Gen7
Source: 20.0.dhcpmon.exe.400000.4.unpack, Avira: Label: TR/Dropper.MSIL.Gen7
Source: 20.0.dhcpmon.exe.400000.10.unpack, Avira: Label: TR/Dropper.MSIL.Gen7
Source: 16.0.purchase order Nl32855 (1).exe.400000.8.unpack, Avira: Label: TR/Dropper.MSIL.Gen7
Source: 16.0.purchase order Nl32855 (1).exe.400000.10.unpack, Avira: Label: TR/Dropper.MSIL.Gen7
Source: 7.0.purchase order Nl32855 (1).exe.400000.8.unpack, Avira: Label: TR/Dropper.MSIL.Gen7
Source: 16.0.purchase order Nl32855 (1).exe.400000.6.unpack, Avira: Label: TR/Dropper.MSIL.Gen7
Source: 7.0.purchase order Nl32855 (1).exe.400000.12.unpack, Avira: Label: TR/Dropper.MSIL.Gen7
Source: 16.2.purchase order Nl32855 (1).exe.400000.0.unpack, Avira: Label: TR/Dropper.MSIL.Gen7
Source: 27.0.dhcpmon.exe.400000.10.unpack, Avira: Label: TR/Dropper.MSIL.Gen7
Source: 7.2.purchase order Nl32855 (1).exe.6000000.10.unpack, Avira: Label: TR/NanoCore.fadte
Source: 20.0.dhcpmon.exe.400000.12.unpack, Avira: Label: TR/Dropper.MSIL.Gen7
Source: 27.0.dhcpmon.exe.400000.6.unpack, Avira: Label: TR/Dropper.MSIL.Gen7
Source: 20.0.dhcpmon.exe.400000.8.unpack, Avira: Label: TR/Dropper.MSIL.Gen7
Source: 16.0.purchase order Nl32855 (1).exe.400000.12.unpack, Avira: Label: TR/Dropper.MSIL.Gen7
Source: 27.0.dhcpmon.exe.400000.12.unpack, Avira: Label: TR/Dropper.MSIL.Gen7
Source: 7.0.purchase order Nl32855 (1).exe.400000.4.unpack, Avira: Label: TR/Dropper.MSIL.Gen7
Source: 7.2.purchase order Nl32855 (1).exe.400000.0.unpack, Avira: Label: TR/Dropper.MSIL.Gen7
Source: 27.0.dhcpmon.exe.400000.8.unpack, Avira: Label: TR/Dropper.MSIL.Gen7
Source: 27.2.dhcpmon.exe.400000.0.unpack, Avira: Label: TR/Dropper.MSIL.Gen7
Source: 7.0.purchase order Nl32855 (1).exe.400000.6.unpack, Avira: Label: TR/Dropper.MSIL.Gen7
Source: 16.0.purchase order Nl32855 (1).exe.400000.4.unpack, Avira: Label: TR/Dropper.MSIL.Gen7
Source: 7.0.purchase order Nl32855 (1).exe.400000.10.unpack, Avira: Label: TR/Dropper.MSIL.Gen7
Source: purchase order Nl32855 (1).exe, Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exe, File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dll
Source: purchase order Nl32855 (1).exe, Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: Binary string: C:\Users\Cole\Documents\Visual Studio 2013\Projects\NanoProtectPlugin\NanoProtectClient\obj\Debug\NanoProtectClient.pdb source: purchase order Nl32855 (1).exe, 00000007.00000002.917579790.0000000003411000.00000004.00000001.sdmp, purchase order Nl32855 (1).exe, 00000010.00000002.717558485.0000000004301000.00000004.00000001.sdmp, dhcpmon.exe, 00000014.00000002.729145629.0000000004881000.00000004.00000001.sdmp, dhcpmon.exe, 0000001B.00000002.744724197.00000000044C1000.00000004.00000001.sdmp
Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exe, Code function: 4x nop then jmp 029B6D31h 0_2_029B6C28
Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exe, Code function: 4x nop then jmp 029B6D31h 0_2_029B6C18
Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exe, Code function: 4x nop then mov esp, ebp 7_2_018D8920
Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exe, Code function: 4x nop then jmp 05596D31h 10_2_05596C28
Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exe, Code function: 4x nop then jmp 05596D31h 10_2_05596C18
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe, Code function: 4x nop then jmp 02CE6D31h 14_2_02CE6C28
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe, Code function: 4x nop then jmp 02CE6D31h 14_2_02CE6C18

        Networking:

        barindex
        Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)Show sources
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49779 -> 194.5.98.139:52149
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49780 -> 194.5.98.139:52149
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49783 -> 194.5.98.139:52149
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49784 -> 194.5.98.139:52149
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49785 -> 194.5.98.139:52149
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49786 -> 194.5.98.139:52149
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49788 -> 194.5.98.139:52149
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49794 -> 194.5.98.139:52149
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49823 -> 194.5.98.139:52149
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49825 -> 194.5.98.139:52149
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49831 -> 194.5.98.139:52149
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49833 -> 194.5.98.139:52149
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49852 -> 194.5.98.139:52149
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49857 -> 194.5.98.139:52149
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49860 -> 194.5.98.139:52149
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49863 -> 194.5.98.139:52149
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49864 -> 194.5.98.139:52149
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49865 -> 194.5.98.139:52149
        Connects to many ports of the same IP (likely port scanning)
        Source: global traffic, TCP traffic: 194.5.98.139 ports 1,2,4,5,9,52149
        C2 URLs / IPs found in malware configuration
        Source: Malware configuration extractor, URLs: lizaelock.ddns.net
        Uses dynamic DNS services
        Source: unknown, DNS query: name: lizaelock.ddns.net
        Source: Joe Sandbox View, ASN Name: DANILENKODE DANILENKODE
        Source: global traffic, TCP traffic: 192.168.2.4:49779 -> 194.5.98.139:52149
        Source: unknown, DNS traffic detected: queries for: lizaelock.ddns.net
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exe, Code function: 7_2_05602FE2 WSARecv,7_2_05602FE2
        Source: purchase order Nl32855 (1).exe, 00000007.00000002.922693720.0000000006000000.00000004.00020000.sdmp, Binary or memory string: RegisterRawInputDevices

        E-Banking Fraud:

        Yara detected Nanocore RAT

        Operating System Destruction:

        Protects its processes via BreakOnTermination flag
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exe, Process information set: 01 00 00 00

        System Summary:

        Malicious sample detected (through community Yara rule)
        Source: 20.2.dhcpmon.exe.48d94f9.4.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 27.0.dhcpmon.exe.400000.8.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 27.0.dhcpmon.exe.400000.8.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 27.2.dhcpmon.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 27.2.dhcpmon.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 20.2.dhcpmon.exe.48d94f9.4.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 20.2.dhcpmon.exe.48d3ac3.6.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 20.2.dhcpmon.exe.48d3ac3.6.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 7.2.purchase order Nl32855 (1).exe.3421628.2.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 27.2.dhcpmon.exe.45194f9.4.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 7.2.purchase order Nl32855 (1).exe.6004629.11.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 0.2.purchase order Nl32855 (1).exe.405d0e8.2.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 0.2.purchase order Nl32855 (1).exe.405d0e8.2.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 7.2.purchase order Nl32855 (1).exe.34264a4.3.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 7.2.purchase order Nl32855 (1).exe.6000000.10.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 7.0.purchase order Nl32855 (1).exe.400000.6.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 7.0.purchase order Nl32855 (1).exe.400000.6.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 16.0.purchase order Nl32855 (1).exe.400000.4.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 16.0.purchase order Nl32855 (1).exe.400000.4.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 27.2.dhcpmon.exe.450ec86.5.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 27.2.dhcpmon.exe.450ec86.5.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 7.0.purchase order Nl32855 (1).exe.400000.10.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 10.2.purchase order Nl32855 (1).exe.4493c38.3.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 10.2.purchase order Nl32855 (1).exe.4493c38.3.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 7.0.purchase order Nl32855 (1).exe.400000.10.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 7.2.purchase order Nl32855 (1).exe.4482490.4.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 0.2.purchase order Nl32855 (1).exe.40e14f8.4.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 0.2.purchase order Nl32855 (1).exe.40e14f8.4.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 17.2.dhcpmon.exe.3d93c38.3.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 14.2.dhcpmon.exe.42d3c38.2.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 10.2.purchase order Nl32855 (1).exe.4493c38.3.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 0.2.purchase order Nl32855 (1).exe.4003c38.3.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 0.2.purchase order Nl32855 (1).exe.4003c38.3.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 17.2.dhcpmon.exe.3d93c38.3.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 10.2.purchase order Nl32855 (1).exe.4493c38.3.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 14.2.dhcpmon.exe.42d3c38.2.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000007.00000002.922693720.0000000006000000.00000004.00020000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 00000010.00000000.700142323.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 00000010.00000000.700142323.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000014.00000002.729145629.0000000004881000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000010.00000000.699611919.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 00000010.00000000.699611919.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 0000001B.00000002.744724197.00000000044C1000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000007.00000000.672319406.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 00000007.00000000.672319406.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 0000001B.00000000.727842390.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 0000001B.00000000.727842390.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000014.00000000.710553542.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 00000014.00000000.710553542.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000011.00000002.732518649.0000000003C91000.00000004.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 00000011.00000002.732518649.0000000003C91000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000014.00000000.708011695.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 00000014.00000000.708011695.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 0000001B.00000002.744635827.00000000034C1000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000010.00000000.698759095.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 00000010.00000000.698759095.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000007.00000002.922681658.0000000005FF0000.00000004.00020000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 0000001B.00000000.727053343.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 0000001B.00000000.727053343.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000007.00000002.915976815.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 00000007.00000002.915976815.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000007.00000000.672759409.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 00000007.00000000.672759409.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000007.00000002.922602924.0000000005D50000.00000004.00020000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 0000001B.00000000.726440276.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 0000001B.00000000.726440276.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 0000000A.00000002.704899996.0000000004391000.00000004.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 0000000A.00000002.704899996.0000000004391000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000010.00000002.716328250.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 00000010.00000002.716328250.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000010.00000002.717558485.0000000004301000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000007.00000000.673837687.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 00000007.00000000.673837687.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000014.00000000.709668715.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 00000014.00000000.709668715.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000010.00000002.717504195.0000000003301000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000014.00000002.728891545.0000000003881000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 0000000E.00000002.715852193.00000000041D1000.00000004.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 0000000E.00000002.715852193.00000000041D1000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000014.00000002.728031423.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 00000014.00000002.728031423.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000010.00000000.700948566.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 00000010.00000000.700948566.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 0000001B.00000000.728365037.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 0000001B.00000000.728365037.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 0000001B.00000002.743854657.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 0000001B.00000002.743854657.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000014.00000000.708878421.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 00000014.00000000.708878421.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000007.00000000.673297217.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 00000007.00000000.673297217.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000000.00000002.677615387.0000000003F01000.00000004.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 00000000.00000002.677615387.0000000003F01000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: Process Memory Space: purchase order Nl32855 (1).exe PID: 6824, type: MEMORYSTRMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: Process Memory Space: purchase order Nl32855 (1).exe PID: 6824, type: MEMORYSTRMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: Process Memory Space: purchase order Nl32855 (1).exe PID: 1668, type: MEMORYSTRMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: Process Memory Space: purchase order Nl32855 (1).exe PID: 1668, type: MEMORYSTRMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: Process Memory Space: purchase order Nl32855 (1).exe PID: 4864, type: MEMORYSTRMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: Process Memory Space: purchase order Nl32855 (1).exe PID: 4864, type: MEMORYSTRMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: Process Memory Space: dhcpmon.exe PID: 6700, type: MEMORYSTRMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: Process Memory Space: dhcpmon.exe PID: 6700, type: MEMORYSTRMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: Process Memory Space: purchase order Nl32855 (1).exe PID: 5580, type: MEMORYSTRMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: Process Memory Space: purchase order Nl32855 (1).exe PID: 5580, type: MEMORYSTRMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: Process Memory Space: dhcpmon.exe PID: 7084, type: MEMORYSTRMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: Process Memory Space: dhcpmon.exe PID: 7084, type: MEMORYSTRMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: Process Memory Space: dhcpmon.exe PID: 6252, type: MEMORYSTRMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: Process Memory Space: dhcpmon.exe PID: 6252, type: MEMORYSTRMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: Process Memory Space: dhcpmon.exe PID: 5984, type: MEMORYSTRMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: Process Memory Space: dhcpmon.exe PID: 5984, type: MEMORYSTRMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Initial sample is a PE file and has a suspicious name
        Source: initial sample, Static PE information: Filename: purchase order Nl32855 (1).exe
        Source: purchase order Nl32855 (1).exe, Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
        Source: 16.2.purchase order Nl32855 (1).exe.434ec86.5.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 16.2.purchase order Nl32855 (1).exe.434ec86.5.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 27.2.dhcpmon.exe.4513ac3.6.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 27.2.dhcpmon.exe.4513ac3.6.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 27.2.dhcpmon.exe.4513ac3.6.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 7.2.purchase order Nl32855 (1).exe.4482490.4.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 7.2.purchase order Nl32855 (1).exe.4482490.4.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 27.0.dhcpmon.exe.400000.4.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 27.0.dhcpmon.exe.400000.4.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 27.0.dhcpmon.exe.400000.4.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 27.2.dhcpmon.exe.34e8b54.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 27.2.dhcpmon.exe.34e8b54.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 20.0.dhcpmon.exe.400000.6.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 20.0.dhcpmon.exe.400000.6.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 20.0.dhcpmon.exe.400000.6.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 20.2.dhcpmon.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 20.2.dhcpmon.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 20.2.dhcpmon.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 20.0.dhcpmon.exe.400000.4.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 20.0.dhcpmon.exe.400000.4.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 20.0.dhcpmon.exe.400000.4.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 20.0.dhcpmon.exe.400000.10.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 20.0.dhcpmon.exe.400000.10.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 20.0.dhcpmon.exe.400000.10.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 16.2.purchase order Nl32855 (1).exe.3328aac.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 16.2.purchase order Nl32855 (1).exe.3328aac.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 16.2.purchase order Nl32855 (1).exe.434ec86.5.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 16.2.purchase order Nl32855 (1).exe.434ec86.5.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 16.2.purchase order Nl32855 (1).exe.434ec86.5.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 27.2.dhcpmon.exe.34e3ac8.2.raw.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 27.2.dhcpmon.exe.34e3ac8.2.raw.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 16.2.purchase order Nl32855 (1).exe.4353ac3.4.raw.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 16.2.purchase order Nl32855 (1).exe.4353ac3.4.raw.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 16.2.purchase order Nl32855 (1).exe.4353ac3.4.raw.unpack, type: UNPACKEDPE, Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 27.2.dhcpmon.exe.45194f9.4.raw.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 27.2.dhcpmon.exe.45194f9.4.raw.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 16.0.purchase order Nl32855 (1).exe.400000.10.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 16.0.purchase order Nl32855 (1).exe.400000.10.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 16.0.purchase order Nl32855 (1).exe.400000.10.unpack, type: UNPACKEDPE, Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 27.2.dhcpmon.exe.450ec86.5.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 27.2.dhcpmon.exe.450ec86.5.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 7.2.purchase order Nl32855 (1).exe.3421628.2.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 7.2.purchase order Nl32855 (1).exe.3421628.2.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 16.0.purchase order Nl32855 (1).exe.400000.8.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 16.0.purchase order Nl32855 (1).exe.400000.8.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 16.0.purchase order Nl32855 (1).exe.400000.8.unpack, type: UNPACKEDPE, Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 7.0.purchase order Nl32855 (1).exe.400000.8.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 7.0.purchase order Nl32855 (1).exe.400000.8.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 7.0.purchase order Nl32855 (1).exe.400000.8.unpack, type: UNPACKEDPE, Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 7.0.purchase order Nl32855 (1).exe.400000.12.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 7.0.purchase order Nl32855 (1).exe.400000.12.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 7.0.purchase order Nl32855 (1).exe.400000.12.unpack, type: UNPACKEDPE, Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 7.2.purchase order Nl32855 (1).exe.5ff0000.9.raw.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 7.2.purchase order Nl32855 (1).exe.5ff0000.9.raw.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 16.0.purchase order Nl32855 (1).exe.400000.6.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 16.0.purchase order Nl32855 (1).exe.400000.6.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 16.0.purchase order Nl32855 (1).exe.400000.6.unpack, type: UNPACKEDPE, Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 7.2.purchase order Nl32855 (1).exe.4486ab9.5.raw.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 7.2.purchase order Nl32855 (1).exe.4486ab9.5.raw.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 0.2.purchase order Nl32855 (1).exe.4003c38.3.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 0.2.purchase order Nl32855 (1).exe.4003c38.3.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 0.2.purchase order Nl32855 (1).exe.4003c38.3.unpack, type: UNPACKEDPE, Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 20.2.dhcpmon.exe.38a8b54.2.raw.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 20.2.dhcpmon.exe.38a8b54.2.raw.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 16.2.purchase order Nl32855 (1).exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 16.2.purchase order Nl32855 (1).exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 16.2.purchase order Nl32855 (1).exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 7.2.purchase order Nl32855 (1).exe.6000000.10.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 7.2.purchase order Nl32855 (1).exe.6000000.10.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 27.0.dhcpmon.exe.400000.10.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 27.0.dhcpmon.exe.400000.10.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 27.0.dhcpmon.exe.400000.10.unpack, type: UNPACKEDPE, Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 7.2.purchase order Nl32855 (1).exe.446db22.6.raw.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 7.2.purchase order Nl32855 (1).exe.446db22.6.raw.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 16.2.purchase order Nl32855 (1).exe.3323a20.2.raw.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 16.2.purchase order Nl32855 (1).exe.3323a20.2.raw.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 20.2.dhcpmon.exe.38a3ac8.3.raw.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 20.2.dhcpmon.exe.38a3ac8.3.raw.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 20.2.dhcpmon.exe.48cec86.5.raw.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 20.2.dhcpmon.exe.48cec86.5.raw.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 20.2.dhcpmon.exe.48cec86.5.raw.unpack, type: UNPACKEDPE, Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 20.0.dhcpmon.exe.400000.12.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 20.0.dhcpmon.exe.400000.12.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 20.0.dhcpmon.exe.400000.12.unpack, type: UNPACKEDPE, Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 27.2.dhcpmon.exe.34e3ac8.2.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 27.2.dhcpmon.exe.34e3ac8.2.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 20.0.dhcpmon.exe.400000.8.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 20.0.dhcpmon.exe.400000.8.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 20.0.dhcpmon.exe.400000.8.unpack, type: UNPACKEDPE, Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 7.2.purchase order Nl32855 (1).exe.5d50000.7.raw.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 7.2.purchase order Nl32855 (1).exe.5d50000.7.raw.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 27.0.dhcpmon.exe.400000.6.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 27.0.dhcpmon.exe.400000.6.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 27.0.dhcpmon.exe.400000.6.unpack, type: UNPACKEDPE, Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 16.2.purchase order Nl32855 (1).exe.3323a20.2.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 16.2.purchase order Nl32855 (1).exe.3323a20.2.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 17.2.dhcpmon.exe.3d93c38.3.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 17.2.dhcpmon.exe.3d93c38.3.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 17.2.dhcpmon.exe.3d93c38.3.unpack, type: UNPACKEDPE, Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 16.0.purchase order Nl32855 (1).exe.400000.12.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 16.0.purchase order Nl32855 (1).exe.400000.12.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 16.0.purchase order Nl32855 (1).exe.400000.12.unpack, type: UNPACKEDPE, Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 16.2.purchase order Nl32855 (1).exe.43594f9.6.raw.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 16.2.purchase order Nl32855 (1).exe.43594f9.6.raw.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 27.0.dhcpmon.exe.400000.12.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 27.0.dhcpmon.exe.400000.12.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 27.0.dhcpmon.exe.400000.12.unpack, type: UNPACKEDPE, Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 7.0.purchase order Nl32855 (1).exe.400000.4.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 7.0.purchase order Nl32855 (1).exe.400000.4.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 7.0.purchase order Nl32855 (1).exe.400000.4.unpack, type: UNPACKEDPE, Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 20.2.dhcpmon.exe.38a3ac8.3.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 20.2.dhcpmon.exe.38a3ac8.3.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 14.2.dhcpmon.exe.42d3c38.2.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 14.2.dhcpmon.exe.42d3c38.2.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 14.2.dhcpmon.exe.42d3c38.2.unpack, type: UNPACKEDPE, Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 20.2.dhcpmon.exe.48cec86.5.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 20.2.dhcpmon.exe.48cec86.5.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 7.2.purchase order Nl32855 (1).exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 7.2.purchase order Nl32855 (1).exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 7.2.purchase order Nl32855 (1).exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 16.2.purchase order Nl32855 (1).exe.43594f9.6.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 16.2.purchase order Nl32855 (1).exe.43594f9.6.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 20.2.dhcpmon.exe.48d94f9.4.raw.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 20.2.dhcpmon.exe.48d94f9.4.raw.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 27.0.dhcpmon.exe.400000.8.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 27.0.dhcpmon.exe.400000.8.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 27.0.dhcpmon.exe.400000.8.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 27.2.dhcpmon.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 27.2.dhcpmon.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 27.2.dhcpmon.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 20.2.dhcpmon.exe.48d94f9.4.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 20.2.dhcpmon.exe.48d94f9.4.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 20.2.dhcpmon.exe.48d3ac3.6.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 20.2.dhcpmon.exe.48d3ac3.6.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 20.2.dhcpmon.exe.48d3ac3.6.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 7.2.purchase order Nl32855 (1).exe.3421628.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 7.2.purchase order Nl32855 (1).exe.3421628.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 27.2.dhcpmon.exe.45194f9.4.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 27.2.dhcpmon.exe.45194f9.4.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 7.2.purchase order Nl32855 (1).exe.6004629.11.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 7.2.purchase order Nl32855 (1).exe.6004629.11.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 0.2.purchase order Nl32855 (1).exe.405d0e8.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 0.2.purchase order Nl32855 (1).exe.405d0e8.2.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 7.2.purchase order Nl32855 (1).exe.34264a4.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 7.2.purchase order Nl32855 (1).exe.34264a4.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 7.2.purchase order Nl32855 (1).exe.6000000.10.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 7.2.purchase order Nl32855 (1).exe.6000000.10.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 7.0.purchase order Nl32855 (1).exe.400000.6.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 7.0.purchase order Nl32855 (1).exe.400000.6.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 7.0.purchase order Nl32855 (1).exe.400000.6.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 16.0.purchase order Nl32855 (1).exe.400000.4.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 16.0.purchase order Nl32855 (1).exe.400000.4.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 16.0.purchase order Nl32855 (1).exe.400000.4.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 27.2.dhcpmon.exe.450ec86.5.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 27.2.dhcpmon.exe.450ec86.5.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 27.2.dhcpmon.exe.450ec86.5.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 7.0.purchase order Nl32855 (1).exe.400000.10.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 7.0.purchase order Nl32855 (1).exe.400000.10.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 10.2.purchase order Nl32855 (1).exe.4493c38.3.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 10.2.purchase order Nl32855 (1).exe.4493c38.3.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 10.2.purchase order Nl32855 (1).exe.4493c38.3.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 7.0.purchase order Nl32855 (1).exe.400000.10.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 7.2.purchase order Nl32855 (1).exe.4482490.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 7.2.purchase order Nl32855 (1).exe.4482490.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 0.2.purchase order Nl32855 (1).exe.40e14f8.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 0.2.purchase order Nl32855 (1).exe.40e14f8.4.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 17.2.dhcpmon.exe.3d93c38.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 14.2.dhcpmon.exe.42d3c38.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 10.2.purchase order Nl32855 (1).exe.4493c38.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 0.2.purchase order Nl32855 (1).exe.4003c38.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 0.2.purchase order Nl32855 (1).exe.4003c38.3.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 17.2.dhcpmon.exe.3d93c38.3.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 10.2.purchase order Nl32855 (1).exe.4493c38.3.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 14.2.dhcpmon.exe.42d3c38.2.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000007.00000002.922693720.0000000006000000.00000004.00020000.sdmp, type: MEMORY, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 00000007.00000002.922693720.0000000006000000.00000004.00020000.sdmp, type: MEMORY, Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 00000010.00000000.700142323.0000000000402000.00000040.00000001.sdmp, type: MEMORY, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 00000010.00000000.700142323.0000000000402000.00000040.00000001.sdmp, type: MEMORY, Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000014.00000002.729145629.0000000004881000.00000004.00000001.sdmp, type: MEMORY, Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000010.00000000.699611919.0000000000402000.00000040.00000001.sdmp, type: MEMORY, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 00000010.00000000.699611919.0000000000402000.00000040.00000001.sdmp, type: MEMORY, Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 0000001B.00000002.744724197.00000000044C1000.00000004.00000001.sdmp, type: MEMORY, Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000007.00000000.672319406.0000000000402000.00000040.00000001.sdmp, type: MEMORY, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 00000007.00000000.672319406.0000000000402000.00000040.00000001.sdmp, type: MEMORY, Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 0000001B.00000000.727842390.0000000000402000.00000040.00000001.sdmp, type: MEMORY, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 0000001B.00000000.727842390.0000000000402000.00000040.00000001.sdmp, type: MEMORY, Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000014.00000000.710553542.0000000000402000.00000040.00000001.sdmp, type: MEMORY, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 00000014.00000000.710553542.0000000000402000.00000040.00000001.sdmp, type: MEMORY, Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000011.00000002.732518649.0000000003C91000.00000004.00000001.sdmp, type: MEMORY, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 00000011.00000002.732518649.0000000003C91000.00000004.00000001.sdmp, type: MEMORY, Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000014.00000000.708011695.0000000000402000.00000040.00000001.sdmp, type: MEMORY, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 00000014.00000000.708011695.0000000000402000.00000040.00000001.sdmp, type: MEMORY, Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 0000001B.00000002.744635827.00000000034C1000.00000004.00000001.sdmp, type: MEMORY, Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000010.00000000.698759095.0000000000402000.00000040.00000001.sdmp, type: MEMORY, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 00000010.00000000.698759095.0000000000402000.00000040.00000001.sdmp, type: MEMORY, Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000007.00000002.922681658.0000000005FF0000.00000004.00020000.sdmp, type: MEMORY, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 00000007.00000002.922681658.0000000005FF0000.00000004.00020000.sdmp, type: MEMORY, Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 0000001B.00000000.727053343.0000000000402000.00000040.00000001.sdmp, type: MEMORY, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 0000001B.00000000.727053343.0000000000402000.00000040.00000001.sdmp, type: MEMORY, Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000007.00000002.915976815.0000000000402000.00000040.00000001.sdmp, type: MEMORY, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 00000007.00000002.915976815.0000000000402000.00000040.00000001.sdmp, type: MEMORY, Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000007.00000000.672759409.0000000000402000.00000040.00000001.sdmp, type: MEMORY, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 00000007.00000000.672759409.0000000000402000.00000040.00000001.sdmp, type: MEMORY, Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000007.00000002.922602924.0000000005D50000.00000004.00020000.sdmp, type: MEMORY, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 00000007.00000002.922602924.0000000005D50000.00000004.00020000.sdmp, type: MEMORY, Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 0000001B.00000000.726440276.0000000000402000.00000040.00000001.sdmp, type: MEMORY, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 0000001B.00000000.726440276.0000000000402000.00000040.00000001.sdmp, type: MEMORY, Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 0000000A.00000002.704899996.0000000004391000.00000004.00000001.sdmp, type: MEMORY, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 0000000A.00000002.704899996.0000000004391000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000010.00000002.716328250.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 00000010.00000002.716328250.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000010.00000002.717558485.0000000004301000.00000004.00000001.sdmp, type: MEMORY, Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000007.00000000.673837687.0000000000402000.00000040.00000001.sdmp, type: MEMORY, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 00000007.00000000.673837687.0000000000402000.00000040.00000001.sdmp, type: MEMORY, Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000014.00000000.709668715.0000000000402000.00000040.00000001.sdmp, type: MEMORY, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 00000014.00000000.709668715.0000000000402000.00000040.00000001.sdmp, type: MEMORY, Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000010.00000002.717504195.0000000003301000.00000004.00000001.sdmp, type: MEMORY, Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000014.00000002.728891545.0000000003881000.00000004.00000001.sdmp, type: MEMORY, Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 0000000E.00000002.715852193.00000000041D1000.00000004.00000001.sdmp, type: MEMORY, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 0000000E.00000002.715852193.00000000041D1000.00000004.00000001.sdmp, type: MEMORY, Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000014.00000002.728031423.0000000000402000.00000040.00000001.sdmp, type: MEMORY, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 00000014.00000002.728031423.0000000000402000.00000040.00000001.sdmp, type: MEMORY, Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000010.00000000.700948566.0000000000402000.00000040.00000001.sdmp, type: MEMORY, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 00000010.00000000.700948566.0000000000402000.00000040.00000001.sdmp, type: MEMORY, Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 0000001B.00000000.728365037.0000000000402000.00000040.00000001.sdmp, type: MEMORY, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 0000001B.00000000.728365037.0000000000402000.00000040.00000001.sdmp, type: MEMORY, Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 0000001B.00000002.743854657.0000000000402000.00000040.00000001.sdmp, type: MEMORY, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 0000001B.00000002.743854657.0000000000402000.00000040.00000001.sdmp, type: MEMORY, Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000014.00000000.708878421.0000000000402000.00000040.00000001.sdmp, type: MEMORY, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 00000014.00000000.708878421.0000000000402000.00000040.00000001.sdmp, type: MEMORY, Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000007.00000000.673297217.0000000000402000.00000040.00000001.sdmp, type: MEMORY, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 00000007.00000000.673297217.0000000000402000.00000040.00000001.sdmp, type: MEMORY, Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000000.00000002.677615387.0000000003F01000.00000004.00000001.sdmp, type: MEMORY, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 00000000.00000002.677615387.0000000003F01000.00000004.00000001.sdmp, type: MEMORY, Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: Process Memory Space: purchase order Nl32855 (1).exe PID: 6824, type: MEMORYSTR, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: Process Memory Space: purchase order Nl32855 (1).exe PID: 6824, type: MEMORYSTR, Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: Process Memory Space: purchase order Nl32855 (1).exe PID: 1668, type: MEMORYSTR, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: Process Memory Space: purchase order Nl32855 (1).exe PID: 1668, type: MEMORYSTR, Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: Process Memory Space: purchase order Nl32855 (1).exe PID: 4864, type: MEMORYSTR, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: Process Memory Space: purchase order Nl32855 (1).exe PID: 4864, type: MEMORYSTR, Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: Process Memory Space: dhcpmon.exe PID: 6700, type: MEMORYSTR, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: Process Memory Space: dhcpmon.exe PID: 6700, type: MEMORYSTR, Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: Process Memory Space: purchase order Nl32855 (1).exe PID: 5580, type: MEMORYSTR, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: Process Memory Space: purchase order Nl32855 (1).exe PID: 5580, type: MEMORYSTR, Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: Process Memory Space: dhcpmon.exe PID: 7084, type: MEMORYSTR, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: Process Memory Space: dhcpmon.exe PID: 7084, type: MEMORYSTR, Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: Process Memory Space: dhcpmon.exe PID: 6252, type: MEMORYSTR, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: Process Memory Space: dhcpmon.exe PID: 6252, type: MEMORYSTR, Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: Process Memory Space: dhcpmon.exe PID: 5984, type: MEMORYSTR, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: Process Memory Space: dhcpmon.exe PID: 5984, type: MEMORYSTR, Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeCode function: 7_2_05601772 NtSetInformationProcess,7_2_05601772
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeCode function: 7_2_05601A36 NtQuerySystemInformation,7_2_05601A36
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeCode function: 7_2_05601741 NtSetInformationProcess,7_2_05601741
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeCode function: 7_2_056019FB NtQuerySystemInformation,7_2_056019FB
        Source: purchase order Nl32855 (1).exeStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
        Source: qZEskWcTYJLciB.exe.0.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
        Source: dhcpmon.exe.7.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
        Source: purchase order Nl32855 (1).exeBinary or memory string: OriginalFilename vs purchase order Nl32855 (1).exe
        Source: purchase order Nl32855 (1).exe, 00000000.00000002.678257023.0000000005130000.00000004.00020000.sdmpBinary or memory string: OriginalFilenameBunifu.UI.dll4 vs purchase order Nl32855 (1).exe
        Source: purchase order Nl32855 (1).exe, 00000000.00000002.676152952.0000000002F8C000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameMajorRevision.exe< vs purchase order Nl32855 (1).exe
        Source: purchase order Nl32855 (1).exe, 00000000.00000002.674723416.0000000000612000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameTLq1z.exeP vs purchase order Nl32855 (1).exe
        Source: purchase order Nl32855 (1).exe, 00000007.00000002.922693720.0000000006000000.00000004.00020000.sdmpBinary or memory string: OriginalFilenameLzma#.dll4 vs purchase order Nl32855 (1).exe
        Source: purchase order Nl32855 (1).exe, 00000007.00000002.922693720.0000000006000000.00000004.00020000.sdmpBinary or memory string: OriginalFilenameSurveillanceExClientPlugin.dll4 vs purchase order Nl32855 (1).exe
        Source: purchase order Nl32855 (1).exe, 00000007.00000000.673881959.0000000000C32000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameTLq1z.exeP vs purchase order Nl32855 (1).exe
        Source: purchase order Nl32855 (1).exe, 00000007.00000002.917579790.0000000003411000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameClientPlugin.dll4 vs purchase order Nl32855 (1).exe
        Source: purchase order Nl32855 (1).exe, 00000007.00000002.917579790.0000000003411000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameNanoProtectClient.dllT vs purchase order Nl32855 (1).exe
        Source: purchase order Nl32855 (1).exe, 00000007.00000002.917081627.000000000143A000.00000004.00000020.sdmpBinary or memory string: OriginalFilenamemscorwks.dllT vs purchase order Nl32855 (1).exe
        Source: purchase order Nl32855 (1).exe, 0000000A.00000002.703781417.00000000033D2000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameBunifu.UI.dll4 vs purchase order Nl32855 (1).exe
        Source: purchase order Nl32855 (1).exe, 0000000A.00000002.701989732.0000000000CF2000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameTLq1z.exeP vs purchase order Nl32855 (1).exe
        Source: purchase order Nl32855 (1).exe, 0000000A.00000002.704899996.0000000004391000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameMajorRevision.exe< vs purchase order Nl32855 (1).exe
        Source: purchase order Nl32855 (1).exe, 0000000A.00000002.703004416.0000000001479000.00000004.00000020.sdmpBinary or memory string: OriginalFilenamemscorwks.dllT vs purchase order Nl32855 (1).exe
        Source: purchase order Nl32855 (1).exe, 00000010.00000000.701139570.0000000000A62000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameTLq1z.exeP vs purchase order Nl32855 (1).exe
        Source: purchase order Nl32855 (1).exe, 00000010.00000002.717558485.0000000004301000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameClientPlugin.dll4 vs purchase order Nl32855 (1).exe
        Source: purchase order Nl32855 (1).exe, 00000010.00000002.717558485.0000000004301000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameNanoProtectClient.dllT vs purchase order Nl32855 (1).exe
        Source: purchase order Nl32855 (1).exe, 00000010.00000002.717558485.0000000004301000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameLzma#.dll4 vs purchase order Nl32855 (1).exe
        Source: purchase order Nl32855 (1).exe, 00000010.00000002.717558485.0000000004301000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameSurveillanceExClientPlugin.dll4 vs purchase order Nl32855 (1).exe
        Source: purchase order Nl32855 (1).exeBinary or memory string: OriginalFilenameTLq1z.exeP vs purchase order Nl32855 (1).exe
        Source: purchase order Nl32855 (1).exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
        Source: qZEskWcTYJLciB.exe.0.drStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
        Source: dhcpmon.exe.7.drStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeFile read: C:\Users\user\Desktop\purchase order Nl32855 (1).exe
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
        Source: unknownProcess created: C:\Users\user\Desktop\purchase order Nl32855 (1).exe "C:\Users\user\Desktop\purchase order Nl32855 (1).exe"
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeProcess created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\qZEskWcTYJLciB" /XML "C:\Users\user\AppData\Local\Temp\tmpB6B0.tmp
        Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeProcess created: C:\Users\user\Desktop\purchase order Nl32855 (1).exe {path}
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeProcess created: C:\Windows\SysWOW64\schtasks.exe schtasks.exe" /create /f /tn "DHCP Monitor" /xml "C:\Users\user\AppData\Local\Temp\tmp1F1D.tmp
        Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: unknownProcess created: C:\Users\user\Desktop\purchase order Nl32855 (1).exe "C:\Users\user\Desktop\purchase order Nl32855 (1).exe" 0
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeProcess created: C:\Windows\SysWOW64\schtasks.exe schtasks.exe" /create /f /tn "DHCP Monitor Task" /xml "C:\Users\user\AppData\Local\Temp\tmp2A39.tmp
        Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeProcess created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\qZEskWcTYJLciB" /XML "C:\Users\user\AppData\Local\Temp\tmpE496.tmp
        Source: unknownProcess created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe "C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe" 0
        Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeProcess created: C:\Users\user\Desktop\purchase order Nl32855 (1).exe {path}
        Source: unknownProcess created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe "C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe"
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\qZEskWcTYJLciB" /XML "C:\Users\user\AppData\Local\Temp\tmpF1A6.tmp
        Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe {path}
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\qZEskWcTYJLciB" /XML "C:\Users\user\AppData\Local\Temp\tmpD.tmp
        Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe {path}
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe {path}
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe {path}
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeCode function: 7_2_056015F6 AdjustTokenPrivileges,7_2_056015F6
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeCode function: 7_2_056015BF AdjustTokenPrivileges,7_2_056015BF
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeFile created: C:\Users\user\AppData\Roaming\qZEskWcTYJLciB.exe
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeFile created: C:\Users\user\AppData\Local\Temp\tmpB6B0.tmp
        Source: classification engineClassification label: mal100.troj.evad.winEXE@34/14@18/1
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeFile read: C:\Users\user\Desktop\desktop.ini
        Source: 7.0.purchase order Nl32855 (1).exe.400000.8.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
        Source: 7.0.purchase order Nl32855 (1).exe.400000.8.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
        Source: 7.0.purchase order Nl32855 (1).exe.400000.4.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
        Source: 7.0.purchase order Nl32855 (1).exe.400000.4.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
        Source: 7.0.purchase order Nl32855 (1).exe.400000.12.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
        Source: 7.0.purchase order Nl32855 (1).exe.400000.12.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5648:120:WilError_01
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5732:120:WilError_01
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4592:120:WilError_01
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7028:120:WilError_01
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeMutant created: \Sessions\1\BaseNamedObjects\Global\{6c7be0fb-d973-4d3c-b342-92a2df7c960b}
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeMutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1328:120:WilError_01
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7152:120:WilError_01
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeFile created: C:\Program Files (x86)\DHCP Monitor
        Source: purchase order Nl32855 (1).exeString found in binary or memory: om red to green to show if its enabled -Enable, Start/Stop, and Close buttons- The Start/Stop button will begin the sleep process. If the Sleep Timer is not enabled, the computer will instantly go to sleep upon pressing it. If the sleep timer is enabled th
        Source: dhcpmon.exeString found in binary or memory: om red to green to show if its enabled -Enable, Start/Stop, and Close buttons- The Start/Stop button will begin the sleep process. If the Sleep Timer is not enabled, the computer will instantly go to sleep upon pressing it. If the sleep timer is enabled th
        Source: purchase order Nl32855 (1).exeString found in binary or memory: -Enable, Start/Stop, and Close buttons-
        Source: purchase order Nl32855 (1).exeString found in binary or memory: The Start/Stop button will begin the sleep process. If the Sleep Timer is not enabled, the computer will instantly go to sleep upon pressing it. If the sleep timer is enabled the sleep timer will start, and after the sleep timer is ended it will sleep the computer. Prior to pressing the start button, the stop button will take its place. This button stops and resets the timers.
        Source: purchase order Nl32855 (1).exe, ue000.csCryptographic APIs: 'CreateDecryptor'
        Source: qZEskWcTYJLciB.exe.0.dr, ue000.csCryptographic APIs: 'CreateDecryptor'
        Source: 0.2.purchase order Nl32855 (1).exe.610000.0.unpack, ue000.csCryptographic APIs: 'CreateDecryptor'
        Source: 0.0.purchase order Nl32855 (1).exe.610000.0.unpack, ue000.csCryptographic APIs: 'CreateDecryptor'
        Source: dhcpmon.exe.7.dr, ue000.csCryptographic APIs: 'CreateDecryptor'
        Source: 7.0.purchase order Nl32855 (1).exe.c30000.2.unpack, ue000.csCryptographic APIs: 'CreateDecryptor'
        Source: 7.0.purchase order Nl32855 (1).exe.c30000.9.unpack, ue000.csCryptographic APIs: 'CreateDecryptor'
        Source: 7.0.purchase order Nl32855 (1).exe.c30000.7.unpack, ue000.csCryptographic APIs: 'CreateDecryptor'
        Source: 7.0.purchase order Nl32855 (1).exe.400000.8.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
        Source: 7.0.purchase order Nl32855 (1).exe.400000.8.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'CreateDecryptor'
        Source: 7.0.purchase order Nl32855 (1).exe.400000.8.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'TransformFinalBlock'
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeFile read: C:\Windows\System32\drivers\etc\hosts
        Source: Window RecorderWindow detected: More than 3 window changes detected
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeFile opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeFile opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dll
        Source: purchase order Nl32855 (1).exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
        Source: purchase order Nl32855 (1).exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
        Source: Binary string: C:\Users\Cole\Documents\Visual Studio 2013\Projects\NanoProtectPlugin\NanoProtectClient\obj\Debug\NanoProtectClient.pdb source: purchase order Nl32855 (1).exe, 00000007.00000002.917579790.0000000003411000.00000004.00000001.sdmp, purchase order Nl32855 (1).exe, 00000010.00000002.717558485.0000000004301000.00000004.00000001.sdmp, dhcpmon.exe, 00000014.00000002.729145629.0000000004881000.00000004.00000001.sdmp, dhcpmon.exe, 0000001B.00000002.744724197.00000000044C1000.00000004.00000001.sdmp

        Data Obfuscation:

        .NET source code contains potential unpacker
        Source: purchase order Nl32855 (1).exe, SmarterTrackTranslator/Form1.cs.Net Code: Q_I3 System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
        Source: qZEskWcTYJLciB.exe.0.dr, SmarterTrackTranslator/Form1.cs.Net Code: Q_I3 System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
        Source: 0.2.purchase order Nl32855 (1).exe.610000.0.unpack, SmarterTrackTranslator/Form1.cs.Net Code: Q_I3 System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
        Source: 0.0.purchase order Nl32855 (1).exe.610000.0.unpack, SmarterTrackTranslator/Form1.cs.Net Code: Q_I3 System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
        Source: dhcpmon.exe.7.dr, SmarterTrackTranslator/Form1.cs.Net Code: Q_I3 System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
        Source: 7.0.purchase order Nl32855 (1).exe.c30000.2.unpack, SmarterTrackTranslator/Form1.cs.Net Code: Q_I3 System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
        Source: 7.0.purchase order Nl32855 (1).exe.c30000.9.unpack, SmarterTrackTranslator/Form1.cs.Net Code: Q_I3 System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
        Source: 7.0.purchase order Nl32855 (1).exe.c30000.7.unpack, SmarterTrackTranslator/Form1.cs.Net Code: Q_I3 System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
        Source: 7.0.purchase order Nl32855 (1).exe.400000.8.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 7.0.purchase order Nl32855 (1).exe.400000.8.unpack, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 7.0.purchase order Nl32855 (1).exe.c30000.0.unpack, SmarterTrackTranslator/Form1.cs.Net Code: Q_I3 System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
        Source: 7.0.purchase order Nl32855 (1).exe.400000.12.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 7.0.purchase order Nl32855 (1).exe.400000.12.unpack, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 7.0.purchase order Nl32855 (1).exe.c30000.11.unpack, SmarterTrackTranslator/Form1.cs.Net Code: Q_I3 System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
        Source: 7.0.purchase order Nl32855 (1).exe.c30000.13.unpack, SmarterTrackTranslator/Form1.cs.Net Code: Q_I3 System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
        Source: 7.0.purchase order Nl32855 (1).exe.c30000.1.unpack, SmarterTrackTranslator/Form1.cs.Net Code: Q_I3 System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
        Source: 7.0.purchase order Nl32855 (1).exe.c30000.3.unpack, SmarterTrackTranslator/Form1.cs.Net Code: Q_I3 System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
        Source: 7.0.purchase order Nl32855 (1).exe.400000.4.unpack, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 7.0.purchase order Nl32855 (1).exe.400000.4.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeCode function: 0_2_0061B846 push 00000000h; iretd 0_2_0061B854
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeCode function: 0_2_06A67E0F push es; retf 0_2_06A67EEC
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeCode function: 0_2_06A687E4 pushfd ; retf 0_2_06A687E5
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeCode function: 0_2_06A670BB push ecx; ret 0_2_06A670BC
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeCode function: 0_2_06A6789C push dword ptr [edx+76h]; iretd 0_2_06A678AC
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeCode function: 0_2_06A62C6F push es; iretd 0_2_06A62C70
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeCode function: 0_2_06A62C77 push es; retn A623h0_2_06A62CA8
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeCode function: 0_2_06A67D68 push es; retf 0_2_06A67EEC
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeCode function: 0_2_06A67D68 push es; iretd 0_2_06A67F58
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeCode function: 7_2_00C3B846 push 00000000h; iretd 7_2_00C3B854
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeCode function: 10_2_00CFB846 push 00000000h; iretd 10_2_00CFB854
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeCode function: 10_2_0856789C push dword ptr [edx+76h]; iretd 10_2_085678AC
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeCode function: 10_2_085670BB push ecx; ret 10_2_085670BC
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeCode function: 10_2_085687E4 pushfd ; retf 10_2_085687E5
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 14_2_0087B846 push 00000000h; iretd 14_2_0087B854
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 14_2_069C7E8A push es; retf 14_2_069C7EEC
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 14_2_069C7EEE push es; retf 14_2_069C7EEC
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 14_2_069C7EEE push es; iretd 14_2_069C7F58
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 14_2_069C87E4 pushfd ; retf 14_2_069C87E5
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 14_2_069C789C push dword ptr [edx+76h]; iretd 14_2_069C78AC
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 14_2_069C70BB push ecx; ret 14_2_069C70BC
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 14_2_069C2C75 push es; retn 9C23h14_2_069C2CA8
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 14_2_069C2C6E push es; iretd 14_2_069C2C70
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 14_2_069C7D68 push es; retf 14_2_069C7EEC
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 14_2_069C7D68 push es; iretd 14_2_069C7F58
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeCode function: 16_2_00A6B846 push 00000000h; iretd 16_2_00A6B854
        Source: initial sampleStatic PE information: section name: .text entropy: 7.63859252241
        Source: 7.0.purchase order Nl32855 (1).exe.400000.8.unpack, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.cs High entropy of concatenated method names
        Source: 7.0.purchase order Nl32855 (1).exe.400000.8.unpack, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.cs High entropy of concatenated method names
        Source: 7.0.purchase order Nl32855 (1).exe.400000.12.unpack, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.cs High entropy of concatenated method names
        Source: 7.0.purchase order Nl32855 (1).exe.400000.12.unpack, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.cs High entropy of concatenated method names
        Source: 7.0.purchase order Nl32855 (1).exe.400000.4.unpack, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.cs High entropy of concatenated method names
        Source: 7.0.purchase order Nl32855 (1).exe.400000.4.unpack, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.cs High entropy of concatenated method names
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exe File created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exe File created: C:\Users\user\AppData\Roaming\qZEskWcTYJLciB.exe

        Boot Survival:

        Uses schtasks.exe or at.exe to add and modify task schedules
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exe Process created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\qZEskWcTYJLciB" /XML "C:\Users\user\AppData\Local\Temp\tmpB6B0.tmp

        Hooking and other Techniques for Hiding and Protection:

        Hides that the sample has been downloaded from the Internet (zone.identifier)
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exe File opened: C:\Users\user\Desktop\purchase order Nl32855 (1).exe:Zone.Identifier read attributes | delete
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exe Registry key monitored for changes: HKEY_CURRENT_USER_Classes
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exe Process information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe Process information set: NOOPENFILEERRORBOX

        Malware Analysis System Evasion:

        Yara detected AntiVM3
        Source: Yara match, File source: Process Memory Space: purchase order Nl32855 (1).exe PID: 6824, type: MEMORYSTR
        Source: Yara match, File source: Process Memory Space: purchase order Nl32855 (1).exe PID: 4864, type: MEMORYSTR
        Source: Yara match, File source: Process Memory Space: dhcpmon.exe PID: 6700, type: MEMORYSTR
        Source: Yara match, File source: Process Memory Space: dhcpmon.exe PID: 7084, type: MEMORYSTR
        Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
        Source: purchase order Nl32855 (1).exe, 00000000.00000002.676113225.0000000002F59000.00000004.00000001.sdmp, purchase order Nl32855 (1).exe, 0000000A.00000002.703802767.00000000033E9000.00000004.00000001.sdmp, dhcpmon.exe, 0000000E.00000002.713518406.0000000003229000.00000004.00000001.sdmp, dhcpmon.exe, 00000011.00000002.731551928.0000000002CE9000.00000004.00000001.sdmp Binary or memory string: WINE_GET_UNIX_FILE_NAME
        Source: purchase order Nl32855 (1).exe, 00000000.00000002.676113225.0000000002F59000.00000004.00000001.sdmp, purchase order Nl32855 (1).exe, 0000000A.00000002.703802767.00000000033E9000.00000004.00000001.sdmp, dhcpmon.exe, 0000000E.00000002.713518406.0000000003229000.00000004.00000001.sdmp, dhcpmon.exe, 00000011.00000002.731551928.0000000002CE9000.00000004.00000001.sdmp Binary or memory string: SBIEDLL.DLL
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exe TID: 6864 Thread sleep time: -922337203685477s >= -30000s
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exe TID: 6712 Thread sleep time: -1844674407370954s >= -30000s
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exe TID: 6712 Thread sleep count: 298 > 30
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exe TID: 6712 Thread sleep count: 269 > 30
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exe TID: 6788 Thread sleep count: 54 > 30
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exe TID: 6712 Thread sleep count: 46 > 30
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exe TID: 6684 Thread sleep time: -340000s >= -30000s
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exe TID: 7116 Thread sleep time: -922337203685477s >= -30000s
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 7052 Thread sleep time: -922337203685477s >= -30000s
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exe TID: 5036 Thread sleep time: -922337203685477s >= -30000s
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 2588 Thread sleep time: -922337203685477s >= -30000s
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 2284 Thread sleep time: -922337203685477s >= -30000s
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 5028 Thread sleep time: -922337203685477s >= -30000s
        Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exe Thread delayed: delay time: 922337203685477
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe Thread delayed: delay time: 922337203685477
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exe Window / User API: foregroundWindowGot 878
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exe Process information queried: ProcessInformation
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exe Code function: 7_2_0560181A GetSystemInfo,7_2_0560181A
        Source: purchase order Nl32855 (1).exe, 00000007.00000002.917126937.000000000149B000.00000004.00000020.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll7
        Source: dhcpmon.exe, 00000011.00000002.730911591.0000000000B80000.00000004.00000020.sdmp Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}{
        Source: purchase order Nl32855 (1).exe, 00000007.00000002.917126937.000000000149B000.00000004.00000020.sdmp Binary or memory string: Hyper-V RAWY
        Source: dhcpmon.exe, 00000011.00000002.731551928.0000000002CE9000.00000004.00000001.sdmp Binary or memory string: VMware SVGA IIOData Source=localhost\sqlexpress;Initial Catalog=dbSMS;Integrated Security=True
        Source: dhcpmon.exe, 00000011.00000002.731551928.0000000002CE9000.00000004.00000001.sdmp Binary or memory string: vmware
        Source: dhcpmon.exe, 00000011.00000002.731551928.0000000002CE9000.00000004.00000001.sdmp Binary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
        Source: dhcpmon.exe, 00000011.00000002.731551928.0000000002CE9000.00000004.00000001.sdmp Binary or memory string: SOFTWARE\VMware, Inc.\VMware Tools
        Source: dhcpmon.exe, 00000011.00000002.731551928.0000000002CE9000.00000004.00000001.sdmp Binary or memory string: VMWARE
        Source: dhcpmon.exe, 00000011.00000002.731551928.0000000002CE9000.00000004.00000001.sdmp Binary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
        Source: purchase order Nl32855 (1).exe, 0000000A.00000002.703244929.0000000001529000.00000004.00000020.sdmp Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}r
        Source: dhcpmon.exe, 0000000E.00000002.712642337.00000000010B4000.00000004.00000020.sdmp Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
        Source: dhcpmon.exe, 00000011.00000002.731551928.0000000002CE9000.00000004.00000001.sdmp Binary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum
        Source: dhcpmon.exe, 00000011.00000002.731551928.0000000002CE9000.00000004.00000001.sdmp Binary or memory string: VMware SVGA II
        Source: dhcpmon.exe, 00000011.00000002.731551928.0000000002CE9000.00000004.00000001.sdmp Binary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exe Process token adjusted: Debug
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe Process token adjusted: Debug
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exe Memory allocated: page read and write | page guard

        HIPS / PFW / Operating System Protection Evasion:

        Injects a PE file into a foreign processes
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exe Memory written: C:\Users\user\Desktop\purchase order Nl32855 (1).exe base: 400000 value starts with: 4D5A
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe Memory written: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe base: 400000 value starts with: 4D5A
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exe Process created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\qZEskWcTYJLciB" /XML "C:\Users\user\AppData\Local\Temp\tmpB6B0.tmp
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exe Process created: C:\Users\user\Desktop\purchase order Nl32855 (1).exe {path}
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exe Process created: C:\Windows\SysWOW64\schtasks.exe schtasks.exe" /create /f /tn "DHCP Monitor" /xml "C:\Users\user\AppData\Local\Temp\tmp1F1D.tmp
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exe Process created: C:\Windows\SysWOW64\schtasks.exe schtasks.exe" /create /f /tn "DHCP Monitor Task" /xml "C:\Users\user\AppData\Local\Temp\tmp2A39.tmp
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exe Process created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\qZEskWcTYJLciB" /XML "C:\Users\user\AppData\Local\Temp\tmpE496.tmp
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exe Process created: C:\Users\user\Desktop\purchase order Nl32855 (1).exe {path}
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe Process created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\qZEskWcTYJLciB" /XML "C:\Users\user\AppData\Local\Temp\tmpF1A6.tmp
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe Process created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe {path}
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe Process created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\qZEskWcTYJLciB" /XML "C:\Users\user\AppData\Local\Temp\tmpD.tmp
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe Process created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe {path}
        Source: purchase order Nl32855 (1).exe, 00000007.00000002.917716998.0000000003598000.00000004.00000001.sdmp Binary or memory string: Program Manager
        Source: purchase order Nl32855 (1).exe, 00000007.00000002.917483603.0000000001B10000.00000002.00020000.sdmp Binary or memory string: Shell_TrayWnd
        Source: purchase order Nl32855 (1).exe, 00000007.00000002.917483603.0000000001B10000.00000002.00020000.sdmp Binary or memory string: Progman
        Source: purchase order Nl32855 (1).exe, 00000007.00000002.917483603.0000000001B10000.00000002.00020000.sdmp Binary or memory string: Progmanlock
        Source: purchase order Nl32855 (1).exe, 00000007.00000002.917684252.000000000353A000.00000004.00000001.sdmp Binary or memory string: Program Manager|9
        Source: purchase order Nl32855 (1).exe, 00000007.00000002.917637756.00000000034A8000.00000004.00000001.sdmp Binary or memory string: Program Manager\6
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exe Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exe Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exe Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exe Queries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exe Queries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exe Queries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exe Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exe Queries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exe Queries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exe Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exe Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exe Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exe Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exe Queries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exe Queries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformation
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exe Queries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exe Queries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformation
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exe Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exe Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

        Stealing of Sensitive Information:

        Yara detected Nanocore RAT

        Remote Access Functionality:

        Detected Nanocore Rat
        Source: purchase order Nl32855 (1).exe, 00000000.00000002.677615387.0000000003F01000.00000004.00000001.sdmp String found in binary or memory: NanoCore.ClientPluginHost
        Source: purchase order Nl32855 (1).exe, 00000007.00000002.922693720.0000000006000000.00000004.00020000.sdmp String found in binary or memory: NanoCore.ClientPluginHost
        Source: purchase order Nl32855 (1).exe, 0000000A.00000002.704899996.0000000004391000.00000004.00000001.sdmp String found in binary or memory: NanoCore.ClientPluginHost
        Source: dhcpmon.exe, 0000000E.00000002.715852193.00000000041D1000.00000004.00000001.sdmp String found in binary or memory: NanoCore.ClientPluginHost
        Source: purchase order Nl32855 (1).exe, 00000010.00000000.700142323.0000000000402000.00000040.00000001.sdmp String found in binary or memory: NanoCore.ClientPluginHost
        Source: dhcpmon.exe, 00000011.00000002.732518649.0000000003C91000.00000004.00000001.sdmp String found in binary or memory: NanoCore.ClientPluginHost
        Source: dhcpmon.exe, 00000014.00000002.729145629.0000000004881000.00000004.00000001.sdmp String found in binary or memory: NanoCore.ClientPluginHost
        Source: dhcpmon.exe, 0000001B.00000002.744724197.00000000044C1000.00000004.00000001.sdmp String found in binary or memory: NanoCore.ClientPluginHost
        Yara detected Nanocore RAT
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exe Code function: 7_2_05602B26 bind, 7_2_05602B26
        Source: C:\Users\user\Desktop\purchase order Nl32855 (1).exe Code function: 7_2_05602AF6 bind, 7_2_05602AF6

        Mitre Att&ck Matrix

        | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
        |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
        | Valid Accounts | Command and Scripting Interpreter 2 | Scheduled Task/Job 1 | Access Token Manipulation 1 | Disable or Modify Tools 1 | Input Capture 11 | File and Directory Discovery 1 | Remote Services | Archive Collected Data 11 | Exfiltration Over Other Network Medium | Ingress Tool Transfer 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
        | Default Accounts | Scheduled Task/Job 1 | Boot or Logon Initialization Scripts | Process Injection 112 | Deobfuscate/Decode Files or Information 1 | LSASS Memory | System Information Discovery 13 | Remote Desktop Protocol | Input Capture 11 | Exfiltration Over Bluetooth | Encrypted Channel 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
        | Domain Accounts | At (Linux) | Logon Script (Windows) | Scheduled Task/Job 1 | Obfuscated Files or Information 3 | Security Account Manager | Query Registry 1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Standard Port 1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
        | Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Software Packing 13 | NTDS | Security Software Discovery 21 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Remote Access Software 1 | SIM Card Swap | | Carrier Billing Fraud |
        | Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Masquerading 2 | LSA Secrets | Process Discovery 2 | SSH | Keylogging | Data Transfer Size Limits | Non-Application Layer Protocol 1 | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings |
        | Replication Through Removable Media | Launchd | Rc.common | Rc.common | Virtualization/Sandbox Evasion 21 | Cached Domain Credentials | Virtualization/Sandbox Evasion 21 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Application Layer Protocol 21 | Jamming or Denial of Service | | Abuse Accessibility Features |
        | External Remote Services | Scheduled Task | Startup Items | Startup Items | Access Token Manipulation 1 | DCSync | Application Window Discovery 1 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact |
        | Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Process Injection 112 | Proc Filesystem | Remote System Discovery 1 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue |
        | Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Hidden Files and Directories 1 | /etc/passwd and /etc/shadow | System Network Connections Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction |

        Behavior Graph

        [Behavior graph image not reproduced. Behavior Graph ID: 526200; Sample: purchase order Nl32855 (1).exe; Startdate: 22/11/2021; Architecture: WINDOWS; Score: 100]

        Antivirus, Machine Learning and Genetic Malware Detection

        Initial Sample

        | Source | Detection | Scanner | Label |
        |---|---|---|---|
        | purchase order Nl32855 (1).exe | 100% | Joe Sandbox ML | |

        Dropped Files

        | Source | Detection | Scanner | Label |
        |---|---|---|---|
        | C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe | 100% | Joe Sandbox ML | |
        | C:\Users\user\AppData\Roaming\qZEskWcTYJLciB.exe | 100% | Joe Sandbox ML | |
        | C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe | 20% | ReversingLabs | ByteCode-MSIL.Trojan.Mardom |
        | C:\Users\user\AppData\Roaming\qZEskWcTYJLciB.exe | 20% | ReversingLabs | ByteCode-MSIL.Trojan.Mardom |

        Unpacked PE Files

        | Source | Detection | Scanner | Label |
        |---|---|---|---|
        | 7.2.purchase order Nl32855 (1).exe.4482490.4.unpack | 100% | Avira | TR/NanoCore.fadte |
        | 20.2.dhcpmon.exe.400000.0.unpack | 100% | Avira | TR/Dropper.MSIL.Gen7 |
        | 20.0.dhcpmon.exe.400000.6.unpack | 100% | Avira | TR/Dropper.MSIL.Gen7 |
        | 27.0.dhcpmon.exe.400000.4.unpack | 100% | Avira | TR/Dropper.MSIL.Gen7 |
        | 20.0.dhcpmon.exe.400000.4.unpack | 100% | Avira | TR/Dropper.MSIL.Gen7 |
        | 20.0.dhcpmon.exe.400000.10.unpack | 100% | Avira | TR/Dropper.MSIL.Gen7 |
        | 16.0.purchase order Nl32855 (1).exe.400000.8.unpack | 100% | Avira | TR/Dropper.MSIL.Gen7 |
        | 16.0.purchase order Nl32855 (1).exe.400000.10.unpack | 100% | Avira | TR/Dropper.MSIL.Gen7 |
        | 7.0.purchase order Nl32855 (1).exe.400000.8.unpack | 100% | Avira | TR/Dropper.MSIL.Gen7 |
        | 16.0.purchase order Nl32855 (1).exe.400000.6.unpack | 100% | Avira | TR/Dropper.MSIL.Gen7 |
        | 7.0.purchase order Nl32855 (1).exe.400000.12.unpack | 100% | Avira | TR/Dropper.MSIL.Gen7 |
        | 16.2.purchase order Nl32855 (1).exe.400000.0.unpack | 100% | Avira | TR/Dropper.MSIL.Gen7 |
        | 27.0.dhcpmon.exe.400000.10.unpack | 100% | Avira | TR/Dropper.MSIL.Gen7 |
        | 7.2.purchase order Nl32855 (1).exe.6000000.10.unpack | 100% | Avira | TR/NanoCore.fadte |
        | 20.0.dhcpmon.exe.400000.12.unpack | 100% | Avira | TR/Dropper.MSIL.Gen7 |
        | 27.0.dhcpmon.exe.400000.6.unpack | 100% | Avira | TR/Dropper.MSIL.Gen7 |
        | 20.0.dhcpmon.exe.400000.8.unpack | 100% | Avira | TR/Dropper.MSIL.Gen7 |
        | 16.0.purchase order Nl32855 (1).exe.400000.12.unpack | 100% | Avira | TR/Dropper.MSIL.Gen7 |
        | 27.0.dhcpmon.exe.400000.12.unpack | 100% | Avira | TR/Dropper.MSIL.Gen7 |
        | 7.0.purchase order Nl32855 (1).exe.400000.4.unpack | 100% | Avira | TR/Dropper.MSIL.Gen7 |
        | 7.2.purchase order Nl32855 (1).exe.400000.0.unpack | 100% | Avira | TR/Dropper.MSIL.Gen7 |
        | 27.0.dhcpmon.exe.400000.8.unpack | 100% | Avira | TR/Dropper.MSIL.Gen7 |
        | 27.2.dhcpmon.exe.400000.0.unpack | 100% | Avira | TR/Dropper.MSIL.Gen7 |
        | 7.0.purchase order Nl32855 (1).exe.400000.6.unpack | 100% | Avira | TR/Dropper.MSIL.Gen7 |
        | 16.0.purchase order Nl32855 (1).exe.400000.4.unpack | 100% | Avira | TR/Dropper.MSIL.Gen7 |
        | 7.0.purchase order Nl32855 (1).exe.400000.10.unpack | 100% | Avira | TR/Dropper.MSIL.Gen7 |

        Domains

        No Antivirus matches

        URLs


        Domains and IPs

        Contacted Domains

        | Name | IP | Active | Malicious | Antivirus Detection | Reputation |
        |---|---|---|---|---|---|
        | lizaelock.ddns.net | 194.5.98.139 | true | true | | unknown |

          Contacted URLs

          | Name | Malicious | Antivirus Detection | Reputation |
          |---|---|---|---|
          | | true | Avira URL Cloud: safe | low |
          | lizaelock.ddns.net | true | Avira URL Cloud: safe | unknown |

          URLs from Memory and Binaries

                                    • Avira URL Cloud: safe
                                    unknown
                                    http://www.tiro.comcoopurchase order Nl32855 (1).exe, 00000000.00000003.651301668.00000000051AB000.00000004.00000001.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    http://www.sajatypeworks.com-dpurchase order Nl32855 (1).exe, 00000000.00000003.651123603.00000000051AB000.00000004.00000001.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    http://www.carterandcone.comlpurchase order Nl32855 (1).exe, 00000000.00000002.678469408.0000000006422000.00000004.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    unknown
                                    http://www.fontbureau.com/designers)purchase order Nl32855 (1).exe, 00000000.00000003.655594413.00000000051CD000.00000004.00000001.sdmpfalse
                                      high
                                      http://www.founder.com.cn/cn/purchase order Nl32855 (1).exe, 00000000.00000003.653115791.0000000005194000.00000004.00000001.sdmpfalse
                                      • URL Reputation: safe
                                      unknown
                                      http://www.fontbureau.com/designers/cabarga.htmlNpurchase order Nl32855 (1).exe, 00000000.00000002.678469408.0000000006422000.00000004.00000001.sdmpfalse
                                        high
                                        http://www.fontbureau.comiondpurchase order Nl32855 (1).exe, 00000000.00000003.656974223.0000000005194000.00000004.00000001.sdmpfalse
                                        • Avira URL Cloud: safe
                                        unknown
                                        http://www.founder.com.cn/cnpurchase order Nl32855 (1).exe, 00000000.00000002.678469408.0000000006422000.00000004.00000001.sdmpfalse
                                        • URL Reputation: safe
                                        unknown
                                        http://www.fontbureau.com/designers/frere-user.htmlpurchase order Nl32855 (1).exe, 00000000.00000002.678469408.0000000006422000.00000004.00000001.sdmp, purchase order Nl32855 (1).exe, 00000000.00000003.655797740.00000000051CD000.00000004.00000001.sdmpfalse
                                          high
                                          http://www.fontbureau.comlvfetpurchase order Nl32855 (1).exe, 00000000.00000003.674530297.0000000005190000.00000004.00000001.sdmpfalse
                                          • URL Reputation: safe
                                          unknown
                                          http://www.jiyu-kobo.co.jp/purchase order Nl32855 (1).exe, 00000000.00000002.678469408.0000000006422000.00000004.00000001.sdmpfalse
                                          • URL Reputation: safe
                                          unknown
                                          http://www.sajatypeworks.coma-dpurchase order Nl32855 (1).exe, 00000000.00000003.651123603.00000000051AB000.00000004.00000001.sdmpfalse
                                          • URL Reputation: safe
                                          unknown
                                          http://www.fontbureau.comopurchase order Nl32855 (1).exe, 00000000.00000003.674530297.0000000005190000.00000004.00000001.sdmpfalse
                                          • URL Reputation: safe
                                          unknown
                                          http://www.fontbureau.com/designers8purchase order Nl32855 (1).exe, 00000000.00000002.678469408.0000000006422000.00000004.00000001.sdmpfalse
                                            high
                                            http://www.fontbureau.com/designers6purchase order Nl32855 (1).exe, 00000000.00000003.660776049.00000000051CD000.00000004.00000001.sdmpfalse
                                              high
                                              http://www.sandoll.co.krl)purchase order Nl32855 (1).exe, 00000000.00000003.652184825.0000000005199000.00000004.00000001.sdmpfalse
                                              • Avira URL Cloud: safe
                                              low
                                              http://www.fontbureau.com/designers:purchase order Nl32855 (1).exe, 00000000.00000003.655594413.00000000051CD000.00000004.00000001.sdmpfalse
                                                high

                                                Contacted IPs

                                                Public

                                                IP            Domain              Country      ASN     ASN Name     Malicious
                                                194.5.98.139  lizaelock.ddns.net  Netherlands  208476  DANILENKODE  true

                                                General Information

                                                Joe Sandbox Version:34.0.0 Boulder Opal
                                                Analysis ID:526200
                                                Start date:22.11.2021
                                                Start time:11:36:24
                                                Joe Sandbox Product:CloudBasic
                                                Overall analysis duration:0h 12m 34s
                                                Hypervisor based Inspection enabled:false
                                                Report type:full
                                                Sample file name:purchase order Nl32855 (1).exe
                                                Cookbook file name:default.jbs
                                                Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                Number of analysed new started processes analysed:36
                                                Number of new started drivers analysed:0
                                                Number of existing processes analysed:0
                                                Number of existing drivers analysed:0
                                                Number of injected processes analysed:0
                                                Technologies:
                                                • HCA enabled
                                                • EGA enabled
                                                • HDC enabled
                                                • AMSI enabled
                                                Analysis Mode:default
                                                Analysis stop reason:Timeout
                                                Detection:MAL
                                                Classification:mal100.troj.evad.winEXE@34/14@18/1
                                                EGA Information:Failed
                                                HDC Information:
                                                • Successful, ratio: 1.8% (good quality ratio 1.6%)
                                                • Quality average: 58.3%
                                                • Quality standard deviation: 19.5%
                                                HCA Information:
                                                • Successful, ratio: 91%
                                                • Number of executed functions: 595
                                                • Number of non-executed functions: 24
                                                Cookbook Comments:
                                                • Adjust boot time
                                                • Enable AMSI
                                                • Found application associated with file extension: .exe
                                                Warnings:
                                                • Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
                                                • Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe
                                                • Excluded IPs from analysis (whitelisted): 23.211.6.115
                                                • Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, e12564.dspb.akamaiedge.net, store-images.s-microsoft.com, ctldl.windowsupdate.com, store-images.s-microsoft.com-c.edgekey.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
                                                • Not all processes where analyzed, report is missing behavior information
                                                • Report creation exceeded maximum time and may have missing disassembly code information.
                                                • Report size exceeded maximum capacity and may have missing behavior information.
                                                • Report size exceeded maximum capacity and may have missing disassembly code.
                                                • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                • Report size getting too big, too many NtQueryValueKey calls found.

                                                Simulations

                                                Behavior and APIs

                                                Time      Type             Description
                                                11:37:20  API Interceptor  890x Sleep call for process: purchase order Nl32855 (1).exe modified
                                                11:37:29  Task Scheduler   Run new task: DHCP Monitor path: "C:\Users\user\Desktop\purchase order Nl32855 (1).exe" s>$(Arg0)
                                                11:37:29  Autostart        Run: HKLM\Software\Microsoft\Windows\CurrentVersion\Run DHCP Monitor C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
                                                11:37:34  Task Scheduler   Run new task: DHCP Monitor Task path: "C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe" s>$(Arg0)
                                                11:37:35  API Interceptor  4x Sleep call for process: dhcpmon.exe modified

                                                Joe Sandbox View / Context

                                                IPs

                                                No context

                                                Domains

                                                No context

                                                ASN


                                                JA3 Fingerprints

                                                No context

                                                Dropped Files

                                                No context

                                                Created / dropped Files

                                                C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
                                                Process:C:\Users\user\Desktop\purchase order Nl32855 (1).exe
                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):905728
                                                Entropy (8bit):7.6297829537885145
                                                Encrypted:false
                                                SSDEEP:24576:PrvL1uC0ETv0RlhBWDhor6xb39C0UxKe4:zjMC0EUWoWxbtC0Ux
                                                MD5:C466151570C893F56D548A9689155656
                                                SHA1:3E779FF5C71F319FC2D3BD4FC577C4769873C47C
                                                SHA-256:DEE5267AF261B8E291B83B01B12C4149204B20754CD1714BD974AE1DAE447A44
                                                SHA-512:3905DEA297E356FD7E79CF78FF74DD3991B982D8644DA7764490AF16E3805D0D5F4008875F84E9963A1108402A7552C2BBBC34C47CBC0BA49DB58FC5E0912D7E
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                • Antivirus: ReversingLabs, Detection: 20%
                                                C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe:Zone.Identifier
                                                Process:C:\Users\user\Desktop\purchase order Nl32855 (1).exe
                                                File Type:ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):26
                                                Entropy (8bit):3.95006375643621
                                                Encrypted:false
                                                SSDEEP:3:ggPYV:rPYV
                                                MD5:187F488E27DB4AF347237FE461A079AD
                                                SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                Malicious:true
                                                Preview: [ZoneTransfer]....ZoneId=0
                                                C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\dhcpmon.exe.log
                                                Process:C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
                                                File Type:ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):664
                                                Entropy (8bit):5.288448637977022
                                                Encrypted:false
                                                SSDEEP:12:Q3LaJU20NaL10Ug+9Yz9t0U29hJ5g1B0U2ukyrFk70U2xANlW3ANv:MLF20NaL3z2p29hJ5g522rW2xAi3A9
                                                MD5:B1DB55991C3DA14E35249AEA1BC357CA
                                                SHA1:0DD2D91198FDEF296441B12F1A906669B279700C
                                                SHA-256:34D3E48321D5010AD2BD1F3F0B728077E4F5A7F70D66FA36B57E5209580B6BDC
                                                SHA-512:BE38A31888C9C2F8047FA9C99672CB985179D325107514B7500DDA9523AE3E1D20B45EACC4E6C8A5D096360D0FBB98A120E63F38FFE324DF8A0559F6890CC801
                                                Malicious:false
                                                Preview: 1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1ffc437de59fb69ba2b865ffdc98ffd1\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\cd7c74fce2a0eab72cd25cbe4bb61614\Microsoft.VisualBasic.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\54d944b3ca0ea1188d700fbd8089726b\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\bd8d59c984c9f5f2695f64341115cdf0\System.Windows.Forms.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\35774dc3cd31b4550ab06c3354cf4ba5\System.Runtime.Remoting.ni.dll",0..
                                                C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\purchase order Nl32855 (1).exe.log
                                                Process:C:\Users\user\Desktop\purchase order Nl32855 (1).exe
                                                File Type:ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):664
                                                Entropy (8bit):5.288448637977022
                                                Encrypted:false
                                                SSDEEP:12:Q3LaJU20NaL10Ug+9Yz9t0U29hJ5g1B0U2ukyrFk70U2xANlW3ANv:MLF20NaL3z2p29hJ5g522rW2xAi3A9
                                                MD5:B1DB55991C3DA14E35249AEA1BC357CA
                                                SHA1:0DD2D91198FDEF296441B12F1A906669B279700C
                                                SHA-256:34D3E48321D5010AD2BD1F3F0B728077E4F5A7F70D66FA36B57E5209580B6BDC
                                                SHA-512:BE38A31888C9C2F8047FA9C99672CB985179D325107514B7500DDA9523AE3E1D20B45EACC4E6C8A5D096360D0FBB98A120E63F38FFE324DF8A0559F6890CC801
                                                Malicious:true
                                                Preview: 1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1ffc437de59fb69ba2b865ffdc98ffd1\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\cd7c74fce2a0eab72cd25cbe4bb61614\Microsoft.VisualBasic.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\54d944b3ca0ea1188d700fbd8089726b\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\bd8d59c984c9f5f2695f64341115cdf0\System.Windows.Forms.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\35774dc3cd31b4550ab06c3354cf4ba5\System.Runtime.Remoting.ni.dll",0..
                                                C:\Users\user\AppData\Local\Temp\tmp1F1D.tmp
                                                Process:C:\Users\user\Desktop\purchase order Nl32855 (1).exe
                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):1316
                                                Entropy (8bit):5.121919122223019
                                                Encrypted:false
                                                SSDEEP:24:2dH4+S/4oL600QlMhEMjn5pwjVLUYODOLG9RJh7h8gK0Yqoxtn:cbk4oL600QydbQxIYODOLedq3/j
                                                MD5:B3EA453FCBEB8FBF6CAB740016195F59
                                                SHA1:451555DF676B904C4DBB60658A46E29F653010EC
                                                SHA-256:2B040C3DA540034472349FC447F9937078FADD816184A7F32B4E884022591331
                                                SHA-512:B82F4B94E3AF9BE25BD2449AB63438B652F406A66DB75BF8A1C96567F0519A9E413316FC3403E778A7D51699D5318E4BC1339EE65F5608E9036BC82134ECE055
                                                Malicious:false
                                                Preview: <?xml version="1.0" encoding="UTF-16"?>..<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">.. <RegistrationInfo />.. <Triggers />.. <Principals>.. <Principal id="Author">.. <LogonType>InteractiveToken</LogonType>.. <RunLevel>HighestAvailable</RunLevel>.. </Principal>.. </Principals>.. <Settings>.. <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>.. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>.. <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>.. <AllowHardTerminate>true</AllowHardTerminate>.. <StartWhenAvailable>false</StartWhenAvailable>.. <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>.. <IdleSettings>.. <StopOnIdleEnd>false</StopOnIdleEnd>.. <RestartOnIdle>false</RestartOnIdle>.. </IdleSettings>.. <AllowStartOnDemand>true</AllowStartOnDemand>.. <Enabled>true</Enabled>.. <Hidden>false</Hidden>.. <RunOnlyIfIdle>false</RunOnlyIfIdle>.. <Wak
                                                C:\Users\user\AppData\Local\Temp\tmp2A39.tmp
                                                Process:C:\Users\user\Desktop\purchase order Nl32855 (1).exe
                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):1310
                                                Entropy (8bit):5.109425792877704
                                                Encrypted:false
                                                SSDEEP:24:2dH4+S/4oL600QlMhEMjn5pwjVLUYODOLG9RJh7h8gK0R3xtn:cbk4oL600QydbQxIYODOLedq3S3j
                                                MD5:5C2F41CFC6F988C859DA7D727AC2B62A
                                                SHA1:68999C85FC7E37BAB9216E0099836D40D4545C1C
                                                SHA-256:98B6E66B6C2173B9B91FC97FE51805340EFDE978B695453742EBAB631018398B
                                                SHA-512:B5DA5DA378D038AFBF8A7738E47921ED39F9B726E2CAA2993D915D9291A3322F94EFE8CCA6E7AD678A670DB19926B22B20E5028460FCC89CEA7F6635E7557334
                                                Malicious:false
                                                Preview: <?xml version="1.0" encoding="UTF-16"?>..<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">.. <RegistrationInfo />.. <Triggers />.. <Principals>.. <Principal id="Author">.. <LogonType>InteractiveToken</LogonType>.. <RunLevel>HighestAvailable</RunLevel>.. </Principal>.. </Principals>.. <Settings>.. <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>.. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>.. <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>.. <AllowHardTerminate>true</AllowHardTerminate>.. <StartWhenAvailable>false</StartWhenAvailable>.. <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>.. <IdleSettings>.. <StopOnIdleEnd>false</StopOnIdleEnd>.. <RestartOnIdle>false</RestartOnIdle>.. </IdleSettings>.. <AllowStartOnDemand>true</AllowStartOnDemand>.. <Enabled>true</Enabled>.. <Hidden>false</Hidden>.. <RunOnlyIfIdle>false</RunOnlyIfIdle>.. <Wak
                                                C:\Users\user\AppData\Local\Temp\tmpB6B0.tmp
                                                Process:C:\Users\user\Desktop\purchase order Nl32855 (1).exe
                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):1647
                                                Entropy (8bit):5.194002325084267
                                                Encrypted:false
                                                SSDEEP:24:2dH4+SEqC/S7hblNMFp//rlMhEMjnGpwjpIgUYODOLD9RJh7h8gKBGBtn:cbhK79lNQR/rydbz9I3YODOLNdq34
                                                MD5:F59692EC8A4A1CAF77DF808660F8773D
                                                SHA1:FB7428EEEAB5557BD7B2D86328000D0504F801D4
                                                SHA-256:D6C3A95C1A7F4725FC9DA533F37AE246913F3B247729B5560B0EC34022590C1C
                                                SHA-512:9D3FC95B70EE777A1B5605F92E124C5F4F512760C7303AE3B6914186FA9616AC384FCEE170D31DDF7F28965231F7DFFDD83CBFF932E8BEB293C4347938818B68
                                                Malicious:true
                                                Preview: <?xml version="1.0" encoding="UTF-16"?>..<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">.. <RegistrationInfo>.. <Date>2014-10-25T14:27:44.8929027</Date>.. <Author>computer\user</Author>.. </RegistrationInfo>.. <Triggers>.. <LogonTrigger>.. <Enabled>true</Enabled>.. <UserId>computer\user</UserId>.. </LogonTrigger>.. <RegistrationTrigger>.. <Enabled>false</Enabled>.. </RegistrationTrigger>.. </Triggers>.. <Principals>.. <Principal id="Author">.. <UserId>computer\user</UserId>.. <LogonType>InteractiveToken</LogonType>.. <RunLevel>LeastPrivilege</RunLevel>.. </Principal>.. </Principals>.. <Settings>.. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>.. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>.. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>.. <AllowHardTerminate>false</AllowHardTerminate>.. <StartWhenAvailable>true
                                                C:\Users\user\AppData\Local\Temp\tmpD.tmp
                                                Process:C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):1647
                                                Entropy (8bit):5.194002325084267
                                                Encrypted:false
                                                SSDEEP:24:2dH4+SEqC/S7hblNMFp//rlMhEMjnGpwjpIgUYODOLD9RJh7h8gKBGBtn:cbhK79lNQR/rydbz9I3YODOLNdq34
                                                MD5:F59692EC8A4A1CAF77DF808660F8773D
                                                SHA1:FB7428EEEAB5557BD7B2D86328000D0504F801D4
                                                SHA-256:D6C3A95C1A7F4725FC9DA533F37AE246913F3B247729B5560B0EC34022590C1C
                                                SHA-512:9D3FC95B70EE777A1B5605F92E124C5F4F512760C7303AE3B6914186FA9616AC384FCEE170D31DDF7F28965231F7DFFDD83CBFF932E8BEB293C4347938818B68
                                                Malicious:false
                                                Preview: <?xml version="1.0" encoding="UTF-16"?>..<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">.. <RegistrationInfo>.. <Date>2014-10-25T14:27:44.8929027</Date>.. <Author>computer\user</Author>.. </RegistrationInfo>.. <Triggers>.. <LogonTrigger>.. <Enabled>true</Enabled>.. <UserId>computer\user</UserId>.. </LogonTrigger>.. <RegistrationTrigger>.. <Enabled>false</Enabled>.. </RegistrationTrigger>.. </Triggers>.. <Principals>.. <Principal id="Author">.. <UserId>computer\user</UserId>.. <LogonType>InteractiveToken</LogonType>.. <RunLevel>LeastPrivilege</RunLevel>.. </Principal>.. </Principals>.. <Settings>.. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>.. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>.. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>.. <AllowHardTerminate>false</AllowHardTerminate>.. <StartWhenAvailable>true
                                                C:\Users\user\AppData\Local\Temp\tmpE496.tmp
                                                Process:C:\Users\user\Desktop\purchase order Nl32855 (1).exe
                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):1647
                                                Entropy (8bit):5.194002325084267
                                                Encrypted:false
                                                SSDEEP:24:2dH4+SEqC/S7hblNMFp//rlMhEMjnGpwjpIgUYODOLD9RJh7h8gKBGBtn:cbhK79lNQR/rydbz9I3YODOLNdq34
                                                MD5:F59692EC8A4A1CAF77DF808660F8773D
                                                SHA1:FB7428EEEAB5557BD7B2D86328000D0504F801D4
                                                SHA-256:D6C3A95C1A7F4725FC9DA533F37AE246913F3B247729B5560B0EC34022590C1C
                                                SHA-512:9D3FC95B70EE777A1B5605F92E124C5F4F512760C7303AE3B6914186FA9616AC384FCEE170D31DDF7F28965231F7DFFDD83CBFF932E8BEB293C4347938818B68
                                                Malicious:false
                                                Preview: <?xml version="1.0" encoding="UTF-16"?>..<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">.. <RegistrationInfo>.. <Date>2014-10-25T14:27:44.8929027</Date>.. <Author>computer\user</Author>.. </RegistrationInfo>.. <Triggers>.. <LogonTrigger>.. <Enabled>true</Enabled>.. <UserId>computer\user</UserId>.. </LogonTrigger>.. <RegistrationTrigger>.. <Enabled>false</Enabled>.. </RegistrationTrigger>.. </Triggers>.. <Principals>.. <Principal id="Author">.. <UserId>computer\user</UserId>.. <LogonType>InteractiveToken</LogonType>.. <RunLevel>LeastPrivilege</RunLevel>.. </Principal>.. </Principals>.. <Settings>.. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>.. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>.. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>.. <AllowHardTerminate>false</AllowHardTerminate>.. <StartWhenAvailable>true
                                                C:\Users\user\AppData\Local\Temp\tmpF1A6.tmp
                                                Process:C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):1647
                                                Entropy (8bit):5.194002325084267
                                                Encrypted:false
                                                SSDEEP:24:2dH4+SEqC/S7hblNMFp//rlMhEMjnGpwjpIgUYODOLD9RJh7h8gKBGBtn:cbhK79lNQR/rydbz9I3YODOLNdq34
                                                MD5:F59692EC8A4A1CAF77DF808660F8773D
                                                SHA1:FB7428EEEAB5557BD7B2D86328000D0504F801D4
                                                SHA-256:D6C3A95C1A7F4725FC9DA533F37AE246913F3B247729B5560B0EC34022590C1C
                                                SHA-512:9D3FC95B70EE777A1B5605F92E124C5F4F512760C7303AE3B6914186FA9616AC384FCEE170D31DDF7F28965231F7DFFDD83CBFF932E8BEB293C4347938818B68
                                                Malicious:false
                                                Preview: <?xml version="1.0" encoding="UTF-16"?>..<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">.. <RegistrationInfo>.. <Date>2014-10-25T14:27:44.8929027</Date>.. <Author>computer\user</Author>.. </RegistrationInfo>.. <Triggers>.. <LogonTrigger>.. <Enabled>true</Enabled>.. <UserId>computer\user</UserId>.. </LogonTrigger>.. <RegistrationTrigger>.. <Enabled>false</Enabled>.. </RegistrationTrigger>.. </Triggers>.. <Principals>.. <Principal id="Author">.. <UserId>computer\user</UserId>.. <LogonType>InteractiveToken</LogonType>.. <RunLevel>LeastPrivilege</RunLevel>.. </Principal>.. </Principals>.. <Settings>.. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>.. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>.. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>.. <AllowHardTerminate>false</AllowHardTerminate>.. <StartWhenAvailable>true
                                                C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\catalog.dat
                                                Process:C:\Users\user\Desktop\purchase order Nl32855 (1).exe
                                                File Type:data
                                                Category:modified
                                                Size (bytes):248
                                                Entropy (8bit):7.094528505897445
                                                Encrypted:false
                                                SSDEEP:6:X4LDAnybgCFcpJSQwP4d7r3l3TmKEt5mT1DhFtMhXvvHOxHB3GDq:X4LEnybgCFCtvd7bl3ThE4T19FtMhXvs
                                                MD5:061E700FE27D852034A5A44BF5985CCF
                                                SHA1:15B072DE6D6FDD92AE36F074345FA41985833E8D
                                                SHA-256:4BBB88AF530693EB4A710B0591D4BAF585837242C5690F5A821BF2FC9CC587CD
                                                SHA-512:CF6C5458AB50C859740490985D1E7E887D1116F3FA947FF2EC49AF9997A42F3402C63EF42B93498544195D9859FBB19CCC295966564B30F5ADB4A36D4E8886C6
                                                Malicious:false
                                                C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat
                                                Process:C:\Users\user\Desktop\purchase order Nl32855 (1).exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):8
                                                Entropy (8bit):3.0
                                                Encrypted:false
                                                SSDEEP:3:qxUn:qGn
                                                MD5:70C5D1CA98E20B48E039DC2D2F27E9AC
                                                SHA1:1FF2A12B26BBF01273382148CBD51F620C9E9F37
                                                SHA-256:AF8F8563BFAE6FA1C9533608D08204BB60F1B493526451F31946600293BA5E93
                                                SHA-512:415E287E7359A1586B8A0AF6F04E19EA692B22BE0337D0B3ADB374D37F81749695B923C7CE5577D696CDD0F633F150B18D901A28D96B2B81FD706E7C3F646981
                                                Malicious:true
                                                Preview: I......H
                                                C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\task.dat
                                                Process:C:\Users\user\Desktop\purchase order Nl32855 (1).exe
                                                File Type:ASCII text, with no line terminators
                                                Category:dropped
                                                Size (bytes):53
                                                Entropy (8bit):4.581299701107217
                                                Encrypted:false
                                                SSDEEP:3:oNt+WfWVQXPlKRAXviFJ:oNwv6flAAXsJ
                                                MD5:39C4FD27C1A6910541DD4EDC5CE47CF3
                                                SHA1:0CE74106ADF74582B293815D490CBA3ED810D48A
                                                SHA-256:89D32A70C724C479490D80EF9840196B498283C1EB5E83A7E753B5BD3DB0461A
                                                SHA-512:910192D172B971BBDD30E3A693876738DB5E43C010A99C8BA3A59498F906F3FC3B61560A05A2311A594DC948BB9FA6DAA39BFD28635FA240C417C6C403D79BE4
                                                Malicious:false
                                                Preview: C:\Users\user\Desktop\purchase order Nl32855 (1).exe
                                                C:\Users\user\AppData\Roaming\qZEskWcTYJLciB.exe
                                                Process:C:\Users\user\Desktop\purchase order Nl32855 (1).exe
                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):905728
                                                Entropy (8bit):7.6297829537885145
                                                Encrypted:false
                                                SSDEEP:24576:PrvL1uC0ETv0RlhBWDhor6xb39C0UxKe4:zjMC0EUWoWxbtC0Ux
                                                MD5:C466151570C893F56D548A9689155656
                                                SHA1:3E779FF5C71F319FC2D3BD4FC577C4769873C47C
                                                SHA-256:DEE5267AF261B8E291B83B01B12C4149204B20754CD1714BD974AE1DAE447A44
                                                SHA-512:3905DEA297E356FD7E79CF78FF74DD3991B982D8644DA7764490AF16E3805D0D5F4008875F84E9963A1108402A7552C2BBBC34C47CBC0BA49DB58FC5E0912D7E
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                • Antivirus: ReversingLabs, Detection: 20%

                                                Static File Info

                                                General

                                                File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Entropy (8bit):7.6297829537885145
                                                TrID:
                                                • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                • Win32 Executable (generic) a (10002005/4) 49.75%
                                                • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                • Windows Screen Saver (13104/52) 0.07%
                                                • Generic Win/DOS Executable (2004/3) 0.01%
                                                File name:purchase order Nl32855 (1).exe
                                                File size:905728
                                                MD5:c466151570c893f56d548a9689155656
                                                SHA1:3e779ff5c71f319fc2d3bd4fc577c4769873c47c
                                                SHA256:dee5267af261b8e291b83b01b12c4149204b20754cd1714bd974ae1dae447a44
                                                SHA512:3905dea297e356fd7e79cf78ff74dd3991b982d8644da7764490af16e3805d0d5f4008875f84e9963a1108402a7552c2bbbc34c47cbc0ba49db58fc5e0912d7e
                                                SSDEEP:24576:PrvL1uC0ETv0RlhBWDhor6xb39C0UxKe4:zjMC0EUWoWxbtC0Ux
                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...aA.a..............P.................. ........@.. ....................... ............@................................

                                                File Icon

                                                Icon Hash:00828e8e8686b000

                                                Static PE Info

                                                General

                                                Entrypoint:0x4ddb1e
                                                Entrypoint Section:.text
                                                Digitally signed:false
                                                Imagebase:0x400000
                                                Subsystem:windows gui
                                                Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                                                DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                                Time Stamp:0x619A4161 [Sun Nov 21 12:53:53 2021 UTC]
                                                TLS Callbacks:
                                                CLR (.Net) Version:v2.0.50727
                                                OS Version Major:4
                                                OS Version Minor:0
                                                File Version Major:4
                                                File Version Minor:0
                                                Subsystem Version Major:4
                                                Subsystem Version Minor:0
                                                Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                Entrypoint Preview

                                                Instruction
                                                jmp dword ptr [00402000h]
                                                add byte ptr [eax], al

                                                Data Directories

                                                Name                                  Virtual Address  Virtual Size  Is in Section
                                                IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
                                                IMAGE_DIRECTORY_ENTRY_IMPORT          0xddac4          0x57          .text
                                                IMAGE_DIRECTORY_ENTRY_RESOURCE        0xde000          0x1200        .rsrc
                                                IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
                                                IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
                                                IMAGE_DIRECTORY_ENTRY_BASERELOC       0xe0000          0xc           .reloc
                                                IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
                                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
                                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
                                                IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
                                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
                                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
                                                IMAGE_DIRECTORY_ENTRY_IAT             0x2000           0x8           .text
                                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
                                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x2008           0x48          .text
                                                IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0

                                                Sections

                                                Name    Virtual Address  Virtual Size  Raw Size  Xored PE  ZLIB Complexity  File Type  Entropy         Characteristics
                                                .text   0x2000           0xdbb24       0xdbc00   False     0.766134945606   data       7.63859252241   IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                .rsrc   0xde000          0x1200        0x1200    False     0.366970486111   data       4.74333942103   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                .reloc  0xe0000          0xc           0x200     False     0.044921875      data       0.101910425663  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                Resources

                                                Name         RVA      Size   Type                                             Language  Country
                                                RT_VERSION   0xde090  0x3b8  COM executable for DOS
                                                RT_MANIFEST  0xde458  0xbfc  XML 1.0 document, UTF-8 Unicode (with BOM) text

                                                Imports

                                                DLL          Import
                                                mscoree.dll  _CorExeMain

                                                Version Infos

                                                Description       Data
                                                Translation       0x0000 0x04b0
                                                LegalCopyright    Copyright 2020 Jesper Hy
                                                Assembly Version  0.1.4.0
                                                InternalName      TLq1z.exe
                                                FileVersion       0.1.4.0
                                                CompanyName
                                                LegalTrademarks
                                                Comments          Create and update SmarterTrack translation files
                                                ProductName       SmarterTrack Translator
                                                ProductVersion    0.1.4.0
                                                FileDescription   SmarterTrack Translator
                                                OriginalFilename  TLq1z.exe

                                                Network Behavior

                                                Snort IDS Alerts

                                                Timestamp                 Protocol  SID      Message                                                       Source Port  Dest Port  Source IP    Dest IP
                                                11/22/21-11:37:34.054226  TCP       2025019  ET TROJAN Possible NanoCore C2 60B                            49779        52149      192.168.2.4  194.5.98.139
                                                11/22/21-11:37:39.981039  UDP       254      DNS SPOOF query response with TTL of 1 min. and no authority  53           64549      8.8.8.8      192.168.2.4
                                                11/22/21-11:37:40.280703  TCP       2025019  ET TROJAN Possible NanoCore C2 60B                            49780        52149      192.168.2.4  194.5.98.139
                                                11/22/21-11:37:45.790795  TCP       2025019  ET TROJAN Possible NanoCore C2 60B                            49783        52149      192.168.2.4  194.5.98.139
                                                11/22/21-11:37:50.784357  UDP       254      DNS SPOOF query response with TTL of 1 min. and no authority  53           53700      8.8.8.8      192.168.2.4
                                                11/22/21-11:37:51.093945  TCP       2025019  ET TROJAN Possible NanoCore C2 60B                            49784        52149      192.168.2.4  194.5.98.139
                                                11/22/21-11:37:56.610307  TCP       2025019  ET TROJAN Possible NanoCore C2 60B                            49785        52149      192.168.2.4  194.5.98.139
                                                11/22/21-11:38:02.474522  UDP       254      DNS SPOOF query response with TTL of 1 min. and no authority  53           56794      8.8.8.8      192.168.2.4
                                                11/22/21-11:38:02.840365  TCP       2025019  ET TROJAN Possible NanoCore C2 60B                            49786        52149      192.168.2.4  194.5.98.139
                                                11/22/21-11:38:09.136075  TCP       2025019  ET TROJAN Possible NanoCore C2 60B                            49788        52149      192.168.2.4  194.5.98.139
                                                11/22/21-11:38:15.386754  TCP       2025019  ET TROJAN Possible NanoCore C2 60B                            49794        52149      192.168.2.4  194.5.98.139
                                                11/22/21-11:38:20.593700  TCP       2025019  ET TROJAN Possible NanoCore C2 60B                            49823        52149      192.168.2.4  194.5.98.139
                                                11/22/21-11:38:27.289261  TCP       2025019  ET TROJAN Possible NanoCore C2 60B                            49825        52149      192.168.2.4  194.5.98.139
                                                11/22/21-11:38:33.447629  TCP       2025019  ET TROJAN Possible NanoCore C2 60B                            49831        52149      192.168.2.4  194.5.98.139
                                                11/22/21-11:38:39.313657  UDP       254      DNS SPOOF query response with TTL of 1 min. and no authority  53           56448      8.8.8.8      192.168.2.4
                                                11/22/21-11:38:39.748357  TCP       2025019  ET TROJAN Possible NanoCore C2 60B                            49833        52149      192.168.2.4  194.5.98.139
                                                11/22/21-11:38:45.971112  TCP       2025019  ET TROJAN Possible NanoCore C2 60B                            49852        52149      192.168.2.4  194.5.98.139
                                                11/22/21-11:38:52.042406  UDP       254      DNS SPOOF query response with TTL of 1 min. and no authority  53           62420      8.8.8.8      192.168.2.4
                                                11/22/21-11:38:52.332306  TCP       2025019  ET TROJAN Possible NanoCore C2 60B                            49857        52149      192.168.2.4  194.5.98.139
                                                11/22/21-11:38:58.397492  UDP       254      DNS SPOOF query response with TTL of 1 min. and no authority  53           50183      8.8.8.8      192.168.2.4
                                                11/22/21-11:38:58.714276  TCP       2025019  ET TROJAN Possible NanoCore C2 60B                            49860        52149      192.168.2.4  194.5.98.139
                                                11/22/21-11:39:05.164608  TCP       2025019  ET TROJAN Possible NanoCore C2 60B                            49863        52149      192.168.2.4  194.5.98.139
                                                11/22/21-11:39:11.138794  UDP       254      DNS SPOOF query response with TTL of 1 min. and no authority  53           59794      8.8.8.8      192.168.2.4
                                                11/22/21-11:39:11.560279  TCP       2025019  ET TROJAN Possible NanoCore C2 60B                            49864        52149      192.168.2.4  194.5.98.139
                                                11/22/21-11:39:17.458297  UDP       254      DNS SPOOF query response with TTL of 1 min. and no authority  53           55916      8.8.8.8      192.168.2.4
                                                11/22/21-11:39:17.857507  TCP       2025019  ET TROJAN Possible NanoCore C2 60B                            49865        52149      192.168.2.4  194.5.98.139

                                                Network Port Distribution

                                                TCP Packets

                                                Nov 22, 2021 11:39:18.253882885 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:18.254008055 CET4986552149192.168.2.4194.5.98.139
                                                Nov 22, 2021 11:39:18.652599096 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:18.652738094 CET4986552149192.168.2.4194.5.98.139
                                                Nov 22, 2021 11:39:19.099592924 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:19.100819111 CET4986552149192.168.2.4194.5.98.139
                                                Nov 22, 2021 11:39:19.534753084 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:19.595310926 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:19.595421076 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:19.595459938 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:19.595499992 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:19.595537901 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:19.595654011 CET4986552149192.168.2.4194.5.98.139
                                                Nov 22, 2021 11:39:19.595705032 CET4986552149192.168.2.4194.5.98.139
                                                Nov 22, 2021 11:39:19.624691963 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:19.624748945 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:19.624787092 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:19.624825001 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:19.624921083 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:19.624924898 CET4986552149192.168.2.4194.5.98.139
                                                Nov 22, 2021 11:39:19.624982119 CET4986552149192.168.2.4194.5.98.139
                                                Nov 22, 2021 11:39:20.042603016 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.042659044 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.042695999 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.042749882 CET4986552149192.168.2.4194.5.98.139
                                                Nov 22, 2021 11:39:20.047936916 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.047979116 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.048016071 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.048053980 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.048069000 CET4986552149192.168.2.4194.5.98.139
                                                Nov 22, 2021 11:39:20.048101902 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.048108101 CET4986552149192.168.2.4194.5.98.139
                                                Nov 22, 2021 11:39:20.048139095 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.048208952 CET4986552149192.168.2.4194.5.98.139
                                                Nov 22, 2021 11:39:20.049067020 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.049107075 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.049127102 CET4986552149192.168.2.4194.5.98.139
                                                Nov 22, 2021 11:39:20.049855947 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.049911976 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.049951077 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.049961090 CET4986552149192.168.2.4194.5.98.139
                                                Nov 22, 2021 11:39:20.049988985 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.050014019 CET4986552149192.168.2.4194.5.98.139
                                                Nov 22, 2021 11:39:20.050026894 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.050080061 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.050103903 CET4986552149192.168.2.4194.5.98.139
                                                Nov 22, 2021 11:39:20.050133944 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.050184965 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.050200939 CET4986552149192.168.2.4194.5.98.139
                                                Nov 22, 2021 11:39:20.050225973 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.050283909 CET4986552149192.168.2.4194.5.98.139
                                                Nov 22, 2021 11:39:20.311399937 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.311459064 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.311513901 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.311604023 CET4986552149192.168.2.4194.5.98.139
                                                Nov 22, 2021 11:39:20.311640024 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.311700106 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.311708927 CET4986552149192.168.2.4194.5.98.139
                                                Nov 22, 2021 11:39:20.311719894 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.311768055 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.311773062 CET4986552149192.168.2.4194.5.98.139
                                                Nov 22, 2021 11:39:20.311789036 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.311825037 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.311841965 CET4986552149192.168.2.4194.5.98.139
                                                Nov 22, 2021 11:39:20.324443102 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.324470997 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.324493885 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.324532986 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.324552059 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.324573040 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.324583054 CET4986552149192.168.2.4194.5.98.139
                                                Nov 22, 2021 11:39:20.324604988 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.324621916 CET4986552149192.168.2.4194.5.98.139
                                                Nov 22, 2021 11:39:20.324630022 CET4986552149192.168.2.4194.5.98.139
                                                Nov 22, 2021 11:39:20.325433969 CET4986552149192.168.2.4194.5.98.139
                                                Nov 22, 2021 11:39:20.406488895 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.406553984 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.406594038 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.406645060 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.406723976 CET4986552149192.168.2.4194.5.98.139
                                                Nov 22, 2021 11:39:20.406754017 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.406775951 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.406833887 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.406840086 CET4986552149192.168.2.4194.5.98.139
                                                Nov 22, 2021 11:39:20.406946898 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.406966925 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.407001972 CET4986552149192.168.2.4194.5.98.139
                                                Nov 22, 2021 11:39:20.450985909 CET4986552149192.168.2.4194.5.98.139
                                                Nov 22, 2021 11:39:20.536633968 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.536663055 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.536679983 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.536844015 CET4986552149192.168.2.4194.5.98.139
                                                Nov 22, 2021 11:39:20.539124966 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.539149046 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.539279938 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.539285898 CET4986552149192.168.2.4194.5.98.139
                                                Nov 22, 2021 11:39:20.539302111 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.539324045 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.539330006 CET4986552149192.168.2.4194.5.98.139
                                                Nov 22, 2021 11:39:20.539376020 CET4986552149192.168.2.4194.5.98.139
                                                Nov 22, 2021 11:39:20.539417028 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.539860010 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.540604115 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.540678024 CET4986552149192.168.2.4194.5.98.139
                                                Nov 22, 2021 11:39:20.547785997 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.547806025 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.547905922 CET4986552149192.168.2.4194.5.98.139
                                                Nov 22, 2021 11:39:20.547910929 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.547930956 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.547951937 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.547960997 CET4986552149192.168.2.4194.5.98.139
                                                Nov 22, 2021 11:39:20.547997952 CET4986552149192.168.2.4194.5.98.139
                                                Nov 22, 2021 11:39:20.650906086 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.651084900 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.651274920 CET4986552149192.168.2.4194.5.98.139
                                                Nov 22, 2021 11:39:20.651746988 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.651768923 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.651787996 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.651844025 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.651864052 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.651879072 CET4986552149192.168.2.4194.5.98.139
                                                Nov 22, 2021 11:39:20.651899099 CET4986552149192.168.2.4194.5.98.139
                                                Nov 22, 2021 11:39:20.652019978 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.652040005 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.652059078 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.652079105 CET4986552149192.168.2.4194.5.98.139
                                                Nov 22, 2021 11:39:20.652098894 CET4986552149192.168.2.4194.5.98.139
                                                Nov 22, 2021 11:39:20.656162024 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.656183004 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.656255960 CET4986552149192.168.2.4194.5.98.139
                                                Nov 22, 2021 11:39:20.659142971 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.659163952 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.659178972 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.659194946 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.659250021 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.659303904 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.659307957 CET4986552149192.168.2.4194.5.98.139
                                                Nov 22, 2021 11:39:20.659316063 CET4986552149192.168.2.4194.5.98.139
                                                Nov 22, 2021 11:39:20.659323931 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.659374952 CET4986552149192.168.2.4194.5.98.139
                                                Nov 22, 2021 11:39:20.659460068 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.659480095 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.659516096 CET4986552149192.168.2.4194.5.98.139
                                                Nov 22, 2021 11:39:20.659533024 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.659553051 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.659580946 CET4986552149192.168.2.4194.5.98.139
                                                Nov 22, 2021 11:39:20.660625935 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.662256002 CET4986552149192.168.2.4194.5.98.139
                                                Nov 22, 2021 11:39:20.665050030 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.665076971 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.666312933 CET4986552149192.168.2.4194.5.98.139
                                                Nov 22, 2021 11:39:20.749124050 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.749152899 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.749270916 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.749291897 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.749310017 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.749370098 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.749372005 CET4986552149192.168.2.4194.5.98.139
                                                Nov 22, 2021 11:39:20.749391079 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.749394894 CET4986552149192.168.2.4194.5.98.139
                                                Nov 22, 2021 11:39:20.749423027 CET4986552149192.168.2.4194.5.98.139
                                                Nov 22, 2021 11:39:20.762177944 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.762207031 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.762319088 CET4986552149192.168.2.4194.5.98.139
                                                Nov 22, 2021 11:39:20.902771950 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.902798891 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.902818918 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.902838945 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.902859926 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.902952909 CET4986552149192.168.2.4194.5.98.139
                                                Nov 22, 2021 11:39:20.902981043 CET4986552149192.168.2.4194.5.98.139
                                                Nov 22, 2021 11:39:20.910113096 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.910137892 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.910182953 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.910206079 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.910209894 CET4986552149192.168.2.4194.5.98.139
                                                Nov 22, 2021 11:39:20.910223961 CET4986552149192.168.2.4194.5.98.139
                                                Nov 22, 2021 11:39:20.910227060 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.910248041 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.910274982 CET4986552149192.168.2.4194.5.98.139
                                                Nov 22, 2021 11:39:20.910291910 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.910365105 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.910408020 CET4986552149192.168.2.4194.5.98.139
                                                Nov 22, 2021 11:39:20.910547972 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.910588980 CET4986552149192.168.2.4194.5.98.139
                                                Nov 22, 2021 11:39:20.910613060 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.910706997 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.914258957 CET4986552149192.168.2.4194.5.98.139
                                                Nov 22, 2021 11:39:20.926022053 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.926059961 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.926085949 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.926110029 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.926132917 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.926143885 CET4986552149192.168.2.4194.5.98.139
                                                Nov 22, 2021 11:39:20.926157951 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.926181078 CET4986552149192.168.2.4194.5.98.139
                                                Nov 22, 2021 11:39:20.926183939 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.926206112 CET4986552149192.168.2.4194.5.98.139
                                                Nov 22, 2021 11:39:20.926208019 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.926248074 CET4986552149192.168.2.4194.5.98.139
                                                Nov 22, 2021 11:39:20.944669008 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.944699049 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.944720030 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.944741011 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.944761992 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.944782019 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.944793940 CET4986552149192.168.2.4194.5.98.139
                                                Nov 22, 2021 11:39:20.944802046 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.944823027 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.944842100 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.944843054 CET4986552149192.168.2.4194.5.98.139
                                                Nov 22, 2021 11:39:20.944874048 CET4986552149192.168.2.4194.5.98.139
                                                Nov 22, 2021 11:39:20.944884062 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.944905043 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.944925070 CET4986552149192.168.2.4194.5.98.139
                                                Nov 22, 2021 11:39:20.944925070 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.944946051 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.944967031 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.944986105 CET4986552149192.168.2.4194.5.98.139
                                                Nov 22, 2021 11:39:20.944987059 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.945008039 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.945019007 CET4986552149192.168.2.4194.5.98.139
                                                Nov 22, 2021 11:39:20.945048094 CET4986552149192.168.2.4194.5.98.139
                                                Nov 22, 2021 11:39:20.957581043 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.957612991 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:20.957726955 CET4986552149192.168.2.4194.5.98.139
                                                Nov 22, 2021 11:39:21.043387890 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:21.043430090 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:21.043459892 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:21.043492079 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:21.043519974 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:21.043581963 CET4986552149192.168.2.4194.5.98.139
                                                Nov 22, 2021 11:39:21.043621063 CET4986552149192.168.2.4194.5.98.139
                                                Nov 22, 2021 11:39:21.058311939 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:21.059048891 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:21.059077024 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:21.059108019 CET5214949865194.5.98.139192.168.2.4
                                                Nov 22, 2021 11:39:21.059214115 CET4986552149192.168.2.4194.5.98.139

                                                UDP Packets


                                                DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Nov 22, 2021 11:37:33.626980066 CET | 192.168.2.4 | 8.8.8.8 | 0xea7e | Standard query (0) | lizaelock.ddns.net | A (IP address) | IN (0x0001)
Nov 22, 2021 11:37:39.959726095 CET | 192.168.2.4 | 8.8.8.8 | 0xb95c | Standard query (0) | lizaelock.ddns.net | A (IP address) | IN (0x0001)
Nov 22, 2021 11:37:45.372292995 CET | 192.168.2.4 | 8.8.8.8 | 0x5a37 | Standard query (0) | lizaelock.ddns.net | A (IP address) | IN (0x0001)
Nov 22, 2021 11:37:50.764760971 CET | 192.168.2.4 | 8.8.8.8 | 0xcbba | Standard query (0) | lizaelock.ddns.net | A (IP address) | IN (0x0001)
Nov 22, 2021 11:37:56.182887077 CET | 192.168.2.4 | 8.8.8.8 | 0xf125 | Standard query (0) | lizaelock.ddns.net | A (IP address) | IN (0x0001)
Nov 22, 2021 11:38:02.453110933 CET | 192.168.2.4 | 8.8.8.8 | 0x210 | Standard query (0) | lizaelock.ddns.net | A (IP address) | IN (0x0001)
Nov 22, 2021 11:38:08.798513889 CET | 192.168.2.4 | 8.8.8.8 | 0xd416 | Standard query (0) | lizaelock.ddns.net | A (IP address) | IN (0x0001)
Nov 22, 2021 11:38:15.088176966 CET | 192.168.2.4 | 8.8.8.8 | 0x396c | Standard query (0) | lizaelock.ddns.net | A (IP address) | IN (0x0001)
Nov 22, 2021 11:38:20.087798119 CET | 192.168.2.4 | 8.8.8.8 | 0xc84c | Standard query (0) | lizaelock.ddns.net | A (IP address) | IN (0x0001)
Nov 22, 2021 11:38:26.719784975 CET | 192.168.2.4 | 8.8.8.8 | 0xb72b | Standard query (0) | lizaelock.ddns.net | A (IP address) | IN (0x0001)
Nov 22, 2021 11:38:33.171699047 CET | 192.168.2.4 | 8.8.8.8 | 0x486f | Standard query (0) | lizaelock.ddns.net | A (IP address) | IN (0x0001)
Nov 22, 2021 11:38:39.291726112 CET | 192.168.2.4 | 8.8.8.8 | 0x1b2f | Standard query (0) | lizaelock.ddns.net | A (IP address) | IN (0x0001)
Nov 22, 2021 11:38:45.632385969 CET | 192.168.2.4 | 8.8.8.8 | 0x97fc | Standard query (0) | lizaelock.ddns.net | A (IP address) | IN (0x0001)
Nov 22, 2021 11:38:52.021179914 CET | 192.168.2.4 | 8.8.8.8 | 0x80ca | Standard query (0) | lizaelock.ddns.net | A (IP address) | IN (0x0001)
Nov 22, 2021 11:38:58.375895023 CET | 192.168.2.4 | 8.8.8.8 | 0x122e | Standard query (0) | lizaelock.ddns.net | A (IP address) | IN (0x0001)
Nov 22, 2021 11:39:04.771280050 CET | 192.168.2.4 | 8.8.8.8 | 0x8969 | Standard query (0) | lizaelock.ddns.net | A (IP address) | IN (0x0001)
Nov 22, 2021 11:39:11.117847919 CET | 192.168.2.4 | 8.8.8.8 | 0x207e | Standard query (0) | lizaelock.ddns.net | A (IP address) | IN (0x0001)
Nov 22, 2021 11:39:17.438092947 CET | 192.168.2.4 | 8.8.8.8 | 0x5eda | Standard query (0) | lizaelock.ddns.net | A (IP address) | IN (0x0001)

                                                DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Nov 22, 2021 11:37:33.647224903 CET | 8.8.8.8 | 192.168.2.4 | 0xea7e | No error (0) | lizaelock.ddns.net | | 194.5.98.139 | A (IP address) | IN (0x0001)
Nov 22, 2021 11:37:39.981039047 CET | 8.8.8.8 | 192.168.2.4 | 0xb95c | No error (0) | lizaelock.ddns.net | | 194.5.98.139 | A (IP address) | IN (0x0001)
Nov 22, 2021 11:37:45.391844988 CET | 8.8.8.8 | 192.168.2.4 | 0x5a37 | No error (0) | lizaelock.ddns.net | | 194.5.98.139 | A (IP address) | IN (0x0001)
Nov 22, 2021 11:37:50.784357071 CET | 8.8.8.8 | 192.168.2.4 | 0xcbba | No error (0) | lizaelock.ddns.net | | 194.5.98.139 | A (IP address) | IN (0x0001)
Nov 22, 2021 11:37:56.202613115 CET | 8.8.8.8 | 192.168.2.4 | 0xf125 | No error (0) | lizaelock.ddns.net | | 194.5.98.139 | A (IP address) | IN (0x0001)
Nov 22, 2021 11:38:02.474522114 CET | 8.8.8.8 | 192.168.2.4 | 0x210 | No error (0) | lizaelock.ddns.net | | 194.5.98.139 | A (IP address) | IN (0x0001)
Nov 22, 2021 11:38:08.816556931 CET | 8.8.8.8 | 192.168.2.4 | 0xd416 | No error (0) | lizaelock.ddns.net | | 194.5.98.139 | A (IP address) | IN (0x0001)
Nov 22, 2021 11:38:15.107410908 CET | 8.8.8.8 | 192.168.2.4 | 0x396c | No error (0) | lizaelock.ddns.net | | 194.5.98.139 | A (IP address) | IN (0x0001)
Nov 22, 2021 11:38:20.107250929 CET | 8.8.8.8 | 192.168.2.4 | 0xc84c | No error (0) | lizaelock.ddns.net | | 194.5.98.139 | A (IP address) | IN (0x0001)
Nov 22, 2021 11:38:26.739308119 CET | 8.8.8.8 | 192.168.2.4 | 0xb72b | No error (0) | lizaelock.ddns.net | | 194.5.98.139 | A (IP address) | IN (0x0001)
Nov 22, 2021 11:38:33.191854000 CET | 8.8.8.8 | 192.168.2.4 | 0x486f | No error (0) | lizaelock.ddns.net | | 194.5.98.139 | A (IP address) | IN (0x0001)
Nov 22, 2021 11:38:39.313657045 CET | 8.8.8.8 | 192.168.2.4 | 0x1b2f | No error (0) | lizaelock.ddns.net | | 194.5.98.139 | A (IP address) | IN (0x0001)
Nov 22, 2021 11:38:45.652359962 CET | 8.8.8.8 | 192.168.2.4 | 0x97fc | No error (0) | lizaelock.ddns.net | | 194.5.98.139 | A (IP address) | IN (0x0001)
Nov 22, 2021 11:38:52.042406082 CET | 8.8.8.8 | 192.168.2.4 | 0x80ca | No error (0) | lizaelock.ddns.net | | 194.5.98.139 | A (IP address) | IN (0x0001)
Nov 22, 2021 11:38:58.397491932 CET | 8.8.8.8 | 192.168.2.4 | 0x122e | No error (0) | lizaelock.ddns.net | | 194.5.98.139 | A (IP address) | IN (0x0001)
Nov 22, 2021 11:39:04.789175987 CET | 8.8.8.8 | 192.168.2.4 | 0x8969 | No error (0) | lizaelock.ddns.net | | 194.5.98.139 | A (IP address) | IN (0x0001)
Nov 22, 2021 11:39:11.138793945 CET | 8.8.8.8 | 192.168.2.4 | 0x207e | No error (0) | lizaelock.ddns.net | | 194.5.98.139 | A (IP address) | IN (0x0001)
Nov 22, 2021 11:39:17.458297014 CET | 8.8.8.8 | 192.168.2.4 | 0x5eda | No error (0) | lizaelock.ddns.net | | 194.5.98.139 | A (IP address) | IN (0x0001)

                                                Code Manipulations

                                                Statistics

                                                CPU Usage

                                                Memory Usage

                                                High Level Behavior Distribution

                                                Click to dive into process behavior distribution

                                                Behavior

                                                Click to jump to process

                                                System Behavior

                                                General

                                                Start time:11:37:14
                                                Start date:22/11/2021
                                                Path:C:\Users\user\Desktop\purchase order Nl32855 (1).exe
                                                Wow64 process (32bit):true
                                                Commandline:"C:\Users\user\Desktop\purchase order Nl32855 (1).exe"
                                                Imagebase:0x610000
                                                File size:905728 bytes
                                                MD5 hash:C466151570C893F56D548A9689155656
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:.Net C# or VB.NET
                                                Yara matches:
                                                • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000000.00000002.677615387.0000000003F01000.00000004.00000001.sdmp, Author: Florian Roth
                                                • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000000.00000002.677615387.0000000003F01000.00000004.00000001.sdmp, Author: Joe Security
                                                • Rule: NanoCore, Description: unknown, Source: 00000000.00000002.677615387.0000000003F01000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                Reputation:low

                                                General

                                                Start time:11:37:22
                                                Start date:22/11/2021
                                                Path:C:\Windows\SysWOW64\schtasks.exe
                                                Wow64 process (32bit):true
                                                Commandline:C:\Windows\System32\schtasks.exe" /Create /TN "Updates\qZEskWcTYJLciB" /XML "C:\Users\user\AppData\Local\Temp\tmpB6B0.tmp
                                                Imagebase:0xc20000
                                                File size:185856 bytes
                                                MD5 hash:15FF7D8324231381BAD48A052F85DF04
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high

                                                General

                                                Start time:11:37:23
                                                Start date:22/11/2021
                                                Path:C:\Windows\System32\conhost.exe
                                                Wow64 process (32bit):false
                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                Imagebase:0x7ff724c50000
                                                File size:625664 bytes
                                                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high

                                                General

                                                Start time:11:37:24
                                                Start date:22/11/2021
                                                Path:C:\Users\user\Desktop\purchase order Nl32855 (1).exe
                                                Wow64 process (32bit):true
                                                Commandline:{path}
                                                Imagebase:0xc30000
                                                File size:905728 bytes
                                                MD5 hash:C466151570C893F56D548A9689155656
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:.Net C# or VB.NET
                                                Yara matches:
                                                • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000007.00000002.922693720.0000000006000000.00000004.00020000.sdmp, Author: Florian Roth
                                                • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000007.00000002.922693720.0000000006000000.00000004.00020000.sdmp, Author: Florian Roth
                                                • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000007.00000002.922693720.0000000006000000.00000004.00020000.sdmp, Author: Joe Security
                                                • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000007.00000000.672319406.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
                                                • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000007.00000000.672319406.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                • Rule: NanoCore, Description: unknown, Source: 00000007.00000000.672319406.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000007.00000002.917874645.000000000446B000.00000004.00000001.sdmp, Author: Joe Security
                                                • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000007.00000002.922681658.0000000005FF0000.00000004.00020000.sdmp, Author: Florian Roth
                                                • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000007.00000002.922681658.0000000005FF0000.00000004.00020000.sdmp, Author: Florian Roth
                                                • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000007.00000002.915976815.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
                                                • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000007.00000002.915976815.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                • Rule: NanoCore, Description: unknown, Source: 00000007.00000002.915976815.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000007.00000000.672759409.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
                                                • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000007.00000000.672759409.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                • Rule: NanoCore, Description: unknown, Source: 00000007.00000000.672759409.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000007.00000002.922602924.0000000005D50000.00000004.00020000.sdmp, Author: Florian Roth
                                                • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000007.00000002.922602924.0000000005D50000.00000004.00020000.sdmp, Author: Florian Roth
                                                • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000007.00000000.673837687.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
                                                • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000007.00000000.673837687.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                • Rule: NanoCore, Description: unknown, Source: 00000007.00000000.673837687.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000007.00000000.673297217.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
                                                • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000007.00000000.673297217.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                • Rule: NanoCore, Description: unknown, Source: 00000007.00000000.673297217.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                Reputation:low

                                                General

                                                Start time:11:37:27
                                                Start date:22/11/2021
                                                Path:C:\Windows\SysWOW64\schtasks.exe
                                                Wow64 process (32bit):true
                                                Commandline:schtasks.exe" /create /f /tn "DHCP Monitor" /xml "C:\Users\user\AppData\Local\Temp\tmp1F1D.tmp
                                                Imagebase:0xc20000
                                                File size:185856 bytes
                                                MD5 hash:15FF7D8324231381BAD48A052F85DF04
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high

                                                General

                                                Start time:11:37:28
                                                Start date:22/11/2021
                                                Path:C:\Windows\System32\conhost.exe
                                                Wow64 process (32bit):false
                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                Imagebase:0x7ff724c50000
                                                File size:625664 bytes
                                                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high

                                                General

                                                Start time:11:37:29
                                                Start date:22/11/2021
                                                Path:C:\Users\user\Desktop\purchase order Nl32855 (1).exe
                                                Wow64 process (32bit):true
                                                Commandline:"C:\Users\user\Desktop\purchase order Nl32855 (1).exe" 0
                                                Imagebase:0xcf0000
                                                File size:905728 bytes
                                                MD5 hash:C466151570C893F56D548A9689155656
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:.Net C# or VB.NET
                                                Yara matches:
                                                • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000A.00000002.704899996.0000000004391000.00000004.00000001.sdmp, Author: Florian Roth
                                                • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000000A.00000002.704899996.0000000004391000.00000004.00000001.sdmp, Author: Joe Security
                                                • Rule: NanoCore, Description: unknown, Source: 0000000A.00000002.704899996.0000000004391000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                Reputation:low

                                                General

                                                Start time:11:37:32
                                                Start date:22/11/2021
                                                Path:C:\Windows\SysWOW64\schtasks.exe
                                                Wow64 process (32bit):true
                                                Commandline:schtasks.exe" /create /f /tn "DHCP Monitor Task" /xml "C:\Users\user\AppData\Local\Temp\tmp2A39.tmp
                                                Imagebase:0xc20000
                                                File size:185856 bytes
                                                MD5 hash:15FF7D8324231381BAD48A052F85DF04
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high

                                                General

                                                Start time:11:37:32
                                                Start date:22/11/2021
                                                Path:C:\Windows\System32\conhost.exe
                                                Wow64 process (32bit):false
                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                Imagebase:0x7ff724c50000
                                                File size:625664 bytes
                                                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high

                                                General

                                                Start time:11:37:34
                                                Start date:22/11/2021
                                                Path:C:\Windows\SysWOW64\schtasks.exe
                                                Wow64 process (32bit):true
                                                Commandline:C:\Windows\System32\schtasks.exe" /Create /TN "Updates\qZEskWcTYJLciB" /XML "C:\Users\user\AppData\Local\Temp\tmpE496.tmp
                                                Imagebase:0xc20000
                                                File size:185856 bytes
                                                MD5 hash:15FF7D8324231381BAD48A052F85DF04
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high

                                                General

                                                Start time:11:37:34
                                                Start date:22/11/2021
                                                Path:C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
                                                Wow64 process (32bit):true
                                                Commandline:"C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe" 0
                                                Imagebase:0x870000
                                                File size:905728 bytes
                                                MD5 hash:C466151570C893F56D548A9689155656
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:.Net C# or VB.NET
                                                Yara matches:
                                                • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000E.00000002.715852193.00000000041D1000.00000004.00000001.sdmp, Author: Florian Roth
                                                • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000000E.00000002.715852193.00000000041D1000.00000004.00000001.sdmp, Author: Joe Security
                                                • Rule: NanoCore, Description: unknown, Source: 0000000E.00000002.715852193.00000000041D1000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                Antivirus matches:
                                                • Detection: 100%, Joe Sandbox ML
                                                • Detection: 20%, ReversingLabs
                                                Reputation:low

                                                General

                                                Start time:11:37:35
                                                Start date:22/11/2021
                                                Path:C:\Windows\System32\conhost.exe
                                                Wow64 process (32bit):false
                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                Imagebase:0x7ff724c50000
                                                File size:625664 bytes
                                                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high

                                                General

                                                Start time:11:37:36
                                                Start date:22/11/2021
                                                Path:C:\Users\user\Desktop\purchase order Nl32855 (1).exe
                                                Wow64 process (32bit):true
                                                Commandline:{path}
                                                Imagebase:0xa60000
                                                File size:905728 bytes
                                                MD5 hash:C466151570C893F56D548A9689155656
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:.Net C# or VB.NET
                                                Yara matches:
                                                • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000010.00000000.700142323.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
                                                • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000010.00000000.700142323.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                • Rule: NanoCore, Description: unknown, Source: 00000010.00000000.700142323.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000010.00000000.699611919.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
                                                • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000010.00000000.699611919.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                • Rule: NanoCore, Description: unknown, Source: 00000010.00000000.699611919.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000010.00000000.698759095.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
                                                • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000010.00000000.698759095.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                • Rule: NanoCore, Description: unknown, Source: 00000010.00000000.698759095.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000010.00000002.716328250.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
                                                • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000010.00000002.716328250.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                • Rule: NanoCore, Description: unknown, Source: 00000010.00000002.716328250.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000010.00000002.717558485.0000000004301000.00000004.00000001.sdmp, Author: Joe Security
                                                • Rule: NanoCore, Description: unknown, Source: 00000010.00000002.717558485.0000000004301000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000010.00000002.717504195.0000000003301000.00000004.00000001.sdmp, Author: Joe Security
                                                • Rule: NanoCore, Description: unknown, Source: 00000010.00000002.717504195.0000000003301000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000010.00000000.700948566.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
                                                • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000010.00000000.700948566.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                • Rule: NanoCore, Description: unknown, Source: 00000010.00000000.700948566.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                Reputation:low

                                                General

                                                Start time:11:37:37
                                                Start date:22/11/2021
                                                Path:C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
                                                Wow64 process (32bit):true
                                                Commandline:"C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe"
                                                Imagebase:0x3c0000
                                                File size:905728 bytes
                                                MD5 hash:C466151570C893F56D548A9689155656
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:.Net C# or VB.NET
                                                Yara matches:
                                                • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000011.00000002.732518649.0000000003C91000.00000004.00000001.sdmp, Author: Florian Roth
                                                • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000011.00000002.732518649.0000000003C91000.00000004.00000001.sdmp, Author: Joe Security
                                                • Rule: NanoCore, Description: unknown, Source: 00000011.00000002.732518649.0000000003C91000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                Reputation:low

                                                General

                                                Start time:11:37:37
                                                Start date:22/11/2021
                                                Path:C:\Windows\SysWOW64\schtasks.exe
                                                Wow64 process (32bit):true
                                                Commandline:C:\Windows\System32\schtasks.exe" /Create /TN "Updates\qZEskWcTYJLciB" /XML "C:\Users\user\AppData\Local\Temp\tmpF1A6.tmp
                                                Imagebase:0xc20000
                                                File size:185856 bytes
                                                MD5 hash:15FF7D8324231381BAD48A052F85DF04
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high

                                                General

                                                Start time:11:37:38
                                                Start date:22/11/2021
                                                Path:C:\Windows\System32\conhost.exe
                                                Wow64 process (32bit):false
                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                Imagebase:0x7ff724c50000
                                                File size:625664 bytes
                                                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high

                                                General

                                                Start time:11:37:39
                                                Start date:22/11/2021
                                                Path:C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
                                                Wow64 process (32bit):true
                                                Commandline:{path}
                                                Imagebase:0xfd0000
                                                File size:905728 bytes
                                                MD5 hash:C466151570C893F56D548A9689155656
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:.Net C# or VB.NET
                                                Yara matches:
                                                • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000014.00000002.729145629.0000000004881000.00000004.00000001.sdmp, Author: Joe Security
                                                • Rule: NanoCore, Description: unknown, Source: 00000014.00000002.729145629.0000000004881000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000014.00000000.710553542.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
                                                • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000014.00000000.710553542.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                • Rule: NanoCore, Description: unknown, Source: 00000014.00000000.710553542.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000014.00000000.708011695.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
                                                • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000014.00000000.708011695.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                • Rule: NanoCore, Description: unknown, Source: 00000014.00000000.708011695.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000014.00000000.709668715.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
                                                • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000014.00000000.709668715.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                • Rule: NanoCore, Description: unknown, Source: 00000014.00000000.709668715.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000014.00000002.728891545.0000000003881000.00000004.00000001.sdmp, Author: Joe Security
                                                • Rule: NanoCore, Description: unknown, Source: 00000014.00000002.728891545.0000000003881000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000014.00000002.728031423.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
                                                • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000014.00000002.728031423.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                • Rule: NanoCore, Description: unknown, Source: 00000014.00000002.728031423.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000014.00000000.708878421.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
                                                • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000014.00000000.708878421.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                • Rule: NanoCore, Description: unknown, Source: 00000014.00000000.708878421.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>

                                                General

                                                Start time:11:37:41
                                                Start date:22/11/2021
                                                Path:C:\Windows\SysWOW64\schtasks.exe
                                                Wow64 process (32bit):true
                                                Commandline:C:\Windows\System32\schtasks.exe" /Create /TN "Updates\qZEskWcTYJLciB" /XML "C:\Users\user\AppData\Local\Temp\tmpD.tmp
                                                Imagebase:0xc20000
                                                File size:185856 bytes
                                                MD5 hash:15FF7D8324231381BAD48A052F85DF04
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language

                                                General

                                                Start time:11:37:42
                                                Start date:22/11/2021
                                                Path:C:\Windows\System32\conhost.exe
                                                Wow64 process (32bit):false
                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                Imagebase:0x7ff724c50000
                                                File size:625664 bytes
                                                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language

                                                General

                                                Start time:11:37:43
                                                Start date:22/11/2021
                                                Path:C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
                                                Wow64 process (32bit):false
                                                Commandline:{path}
                                                Imagebase:0x20000
                                                File size:905728 bytes
                                                MD5 hash:C466151570C893F56D548A9689155656
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language

                                                General

                                                Start time:11:37:45
                                                Start date:22/11/2021
                                                Path:C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
                                                Wow64 process (32bit):false
                                                Commandline:{path}
                                                Imagebase:0x320000
                                                File size:905728 bytes
                                                MD5 hash:C466151570C893F56D548A9689155656
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language

                                                General

                                                Start time:11:37:46
                                                Start date:22/11/2021
                                                Path:C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
                                                Wow64 process (32bit):true
                                                Commandline:{path}
                                                Imagebase:0xd40000
                                                File size:905728 bytes
                                                MD5 hash:C466151570C893F56D548A9689155656
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:.Net C# or VB.NET
                                                Yara matches:
                                                • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000001B.00000002.744724197.00000000044C1000.00000004.00000001.sdmp, Author: Joe Security
                                                • Rule: NanoCore, Description: unknown, Source: 0000001B.00000002.744724197.00000000044C1000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000001B.00000000.727842390.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
                                                • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000001B.00000000.727842390.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                • Rule: NanoCore, Description: unknown, Source: 0000001B.00000000.727842390.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000001B.00000002.744635827.00000000034C1000.00000004.00000001.sdmp, Author: Joe Security
                                                • Rule: NanoCore, Description: unknown, Source: 0000001B.00000002.744635827.00000000034C1000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000001B.00000000.727053343.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
                                                • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000001B.00000000.727053343.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                • Rule: NanoCore, Description: unknown, Source: 0000001B.00000000.727053343.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000001B.00000000.726440276.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
                                                • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000001B.00000000.726440276.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                • Rule: NanoCore, Description: unknown, Source: 0000001B.00000000.726440276.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000001B.00000000.728365037.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
                                                • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000001B.00000000.728365037.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                • Rule: NanoCore, Description: unknown, Source: 0000001B.00000000.728365037.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000001B.00000002.743854657.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
                                                • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000001B.00000002.743854657.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                • Rule: NanoCore, Description: unknown, Source: 0000001B.00000002.743854657.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>

                                                Disassembly

                                                Code Analysis


                                                  Executed Functions

                                                  APIs
                                                  • VirtualProtect.KERNELBASE(?,?,?,?), ref: 05000ABD
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.678156651.0000000005000000.00000040.00000001.sdmp, Offset: 05000000, based on PE: false
                                                  Similarity
                                                  • API ID: ProtectVirtual
                                                  • String ID: 8< r
                                                  • API String ID: 544645111-304424724
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • VirtualProtect.KERNELBASE(?,?,?,?), ref: 05000ABD
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.678156651.0000000005000000.00000040.00000001.sdmp, Offset: 05000000, based on PE: false
                                                  Similarity
                                                  • API ID: ProtectVirtual
                                                  • String ID: 8< r
                                                  • API String ID: 544645111-304424724
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • DuplicateHandle.KERNELBASE(?,00000E2C), ref: 05001703
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.678156651.0000000005000000.00000040.00000001.sdmp, Offset: 05000000, based on PE: false
                                                  Similarity
                                                  • API ID: DuplicateHandle
                                                  • String ID:
                                                  • API String ID: 3793708945-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 05000C75
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.678156651.0000000005000000.00000040.00000001.sdmp, Offset: 05000000, based on PE: false
                                                  Similarity
                                                  • API ID: CreateFile
                                                  • String ID:
                                                  • API String ID: 823142352-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • GetTokenInformation.KERNELBASE(?,00000E2C,2F804C59,00000000,00000000,00000000,00000000), ref: 05000FEC
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.678156651.0000000005000000.00000040.00000001.sdmp, Offset: 05000000, based on PE: false
                                                  Similarity
                                                  • API ID: InformationToken
                                                  • String ID:
                                                  • API String ID: 4114910276-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • LsaOpenPolicy.ADVAPI32(?,00000E2C), ref: 0500130F
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.678156651.0000000005000000.00000040.00000001.sdmp, Offset: 05000000, based on PE: false
                                                  Similarity
                                                  • API ID: OpenPolicy
                                                  • String ID:
                                                  • API String ID: 2030686058-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • DuplicateHandle.KERNELBASE(?,00000E2C), ref: 05001703
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.678156651.0000000005000000.00000040.00000001.sdmp, Offset: 05000000, based on PE: false
                                                  Similarity
                                                  • API ID: DuplicateHandle
                                                  • String ID:
                                                  • API String ID: 3793708945-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • GetFileType.KERNELBASE(?,00000E2C,2F804C59,00000000,00000000,00000000,00000000), ref: 05000D61
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.678156651.0000000005000000.00000040.00000001.sdmp, Offset: 05000000, based on PE: false
                                                  Similarity
                                                  • API ID: FileType
                                                  • String ID:
                                                  • API String ID: 3081899298-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • DeleteFileW.KERNELBASE(?), ref: 050017E8
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.678156651.0000000005000000.00000040.00000001.sdmp, Offset: 05000000, based on PE: false
                                                  Similarity
                                                  • API ID: DeleteFile
                                                  • String ID:
                                                  • API String ID: 4033686569-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 05000C75
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.678156651.0000000005000000.00000040.00000001.sdmp, Offset: 05000000, based on PE: false
                                                  Similarity
                                                  • API ID: CreateFile
                                                  • String ID:
                                                  • API String ID: 823142352-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • DrawTextExW.USER32(?,?,?,?,?), ref: 0500019F
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.678156651.0000000005000000.00000040.00000001.sdmp, Offset: 05000000, based on PE: false
                                                  Similarity
                                                  • API ID: DrawText
                                                  • String ID:
                                                  • API String ID: 2175133113-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • LsaOpenPolicy.ADVAPI32(?,00000E2C), ref: 0500130F
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.678156651.0000000005000000.00000040.00000001.sdmp, Offset: 05000000, based on PE: false
                                                  Similarity
                                                  • API ID: OpenPolicy
                                                  • String ID:
                                                  • API String ID: 2030686058-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • WriteFile.KERNELBASE(?,00000E2C,2F804C59,00000000,00000000,00000000,00000000), ref: 05000EFD
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.678156651.0000000005000000.00000040.00000001.sdmp, Offset: 05000000, based on PE: false
                                                  Similarity
                                                  • API ID: FileWrite
                                                  • String ID:
                                                  • API String ID: 3934441357-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • GetTokenInformation.KERNELBASE(?,00000E2C,2F804C59,00000000,00000000,00000000,00000000), ref: 05000FEC
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.678156651.0000000005000000.00000040.00000001.sdmp, Offset: 05000000, based on PE: false
                                                  Similarity
                                                  • API ID: InformationToken
                                                  • String ID:
                                                  • API String ID: 4114910276-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 05001AA4
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.678156651.0000000005000000.00000040.00000001.sdmp, Offset: 05000000, based on PE: false
                                                  Similarity
                                                  • API ID: MemoryProcessWrite
                                                  • String ID:
                                                  • API String ID: 3559483778-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • PostMessageW.USER32(?,?,?,?), ref: 05001BF9
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.678156651.0000000005000000.00000040.00000001.sdmp, Offset: 05000000, based on PE: false
                                                  Similarity
                                                  • API ID: MessagePost
                                                  • String ID:
                                                  • API String ID: 410705778-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • WriteFile.KERNELBASE(?,00000E2C,2F804C59,00000000,00000000,00000000,00000000), ref: 05000EFD
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.678156651.0000000005000000.00000040.00000001.sdmp, Offset: 05000000, based on PE: false
                                                  Similarity
                                                  • API ID: FileWrite
                                                  • String ID:
                                                  • API String ID: 3934441357-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 050019E8
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.678156651.0000000005000000.00000040.00000001.sdmp, Offset: 05000000, based on PE: false
                                                  Similarity
                                                  • API ID: MemoryProcessRead
                                                  • String ID:
                                                  • API String ID: 1726664587-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • PostMessageW.USER32(?,?,?,?), ref: 05001F81
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.678156651.0000000005000000.00000040.00000001.sdmp, Offset: 05000000, based on PE: false
                                                  Similarity
                                                  • API ID: MessagePost
                                                  • String ID:
                                                  • API String ID: 410705778-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • SetThreadContext.KERNELBASE(?,?), ref: 0500193B
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.678156651.0000000005000000.00000040.00000001.sdmp, Offset: 05000000, based on PE: false
                                                  Similarity
                                                  • API ID: ContextThread
                                                  • String ID:
                                                  • API String ID: 1591575202-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • GetFileType.KERNELBASE(?,00000E2C,2F804C59,00000000,00000000,00000000,00000000), ref: 05000D61
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.678156651.0000000005000000.00000040.00000001.sdmp, Offset: 05000000, based on PE: false
                                                  Similarity
                                                  • API ID: FileType
                                                  • String ID:
                                                  • API String ID: 3081899298-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • DrawTextExW.USER32(?,?,?,?,?), ref: 0500019F
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.678156651.0000000005000000.00000040.00000001.sdmp, Offset: 05000000, based on PE: false
                                                  Similarity
                                                  • API ID: DrawText
                                                  • String ID:
                                                  • API String ID: 2175133113-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • DeleteFileW.KERNELBASE(?), ref: 050017E8
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.678156651.0000000005000000.00000040.00000001.sdmp, Offset: 05000000, based on PE: false
                                                  Similarity
                                                  • API ID: DeleteFile
                                                  • String ID:
                                                  • API String ID: 4033686569-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 05001AA4
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.678156651.0000000005000000.00000040.00000001.sdmp, Offset: 05000000, based on PE: false
                                                  Similarity
                                                  • API ID: MemoryProcessWrite
                                                  • String ID:
                                                  • API String ID: 3559483778-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • SetThreadContext.KERNELBASE(?,?), ref: 0500193B
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.678156651.0000000005000000.00000040.00000001.sdmp, Offset: 05000000, based on PE: false
                                                  Similarity
                                                  • API ID: ContextThread
                                                  • String ID:
                                                  • API String ID: 1591575202-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 050019E8
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.678156651.0000000005000000.00000040.00000001.sdmp, Offset: 05000000, based on PE: false
                                                  Similarity
                                                  • API ID: MemoryProcessRead
                                                  • String ID:
                                                  • API String ID: 1726664587-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • PostMessageW.USER32(?,?,?,?), ref: 05001F81
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.678156651.0000000005000000.00000040.00000001.sdmp, Offset: 05000000, based on PE: false
                                                  Similarity
                                                  • API ID: MessagePost
                                                  • String ID:
                                                  • API String ID: 410705778-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • PostMessageW.USER32(?,?,?,?), ref: 05001BF9
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.678156651.0000000005000000.00000040.00000001.sdmp, Offset: 05000000, based on PE: false
                                                  Similarity
                                                  • API ID: MessagePost
                                                  • String ID:
                                                  • API String ID: 410705778-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.675909817.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID: >_kq
                                                  • API String ID: 0-4149988037
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.675909817.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID: >_kq
                                                  • API String ID: 0-4149988037
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.675909817.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID: :@fq
                                                  • API String ID: 0-3673016210
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.675909817.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID: :@fq
                                                  • API String ID: 0-3673016210
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.675909817.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID: ID
                                                  • API String ID: 0-947598714
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.675909817.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID: `-Qp
                                                  • API String ID: 0-3646087301
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.679065280.0000000006A60000.00000040.00000001.sdmp, Offset: 06A60000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID: ntin
                                                  • API String ID: 0-3077571345
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.679065280.0000000006A60000.00000040.00000001.sdmp, Offset: 06A60000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID: <
                                                  • API String ID: 0-4251816714
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.675909817.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 14b57c37a5677028c3db77eed03ad2d5e249e9eacace71c4beb611d1aa56fa91
                                                  • Instruction ID: 610c281b6a92bcdf18ccd821e6c69419fe9ad7fdf24da318b4c3b396624335a0
                                                  • Opcode Fuzzy Hash: 14b57c37a5677028c3db77eed03ad2d5e249e9eacace71c4beb611d1aa56fa91
                                                  • Instruction Fuzzy Hash: 6851A874E002089FDB09DFE5D950AEDFBB2BF89300F64802AD505AB3A5DB355942CF65
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.675909817.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 23dc06760ff018527f29e1e2d4c0306c5c7b8f27d3fc826eba1e13e62e32dca5
                                                  • Instruction ID: adb50b5b2f62693b6a7b064f05ea1108b3ed43bcae95647f3bee9abd38db28a7
                                                  • Opcode Fuzzy Hash: 23dc06760ff018527f29e1e2d4c0306c5c7b8f27d3fc826eba1e13e62e32dca5
                                                  • Instruction Fuzzy Hash: 2F517970B002458FCB159BA9C859BEEBBF2EF88705F10806AE506EB3D5DA748901CB65
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.675909817.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2d6c3e9a8fc51508e32f8eddbe39c5013812bd9abcec44cf416d7ff8902dd7d8
                                                  • Instruction ID: 3177851e4f5ef83334a817005e2b970e4990ced77048d449bf122dd38a0bddf5
                                                  • Opcode Fuzzy Hash: 2d6c3e9a8fc51508e32f8eddbe39c5013812bd9abcec44cf416d7ff8902dd7d8
                                                  • Instruction Fuzzy Hash: 3A417C70B002498FCB15DBA9C855BAEB6F6FF88705F10842AE506EB395DB748D01CB65
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.679065280.0000000006A60000.00000040.00000001.sdmp, Offset: 06A60000, based on PE: false

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.675909817.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b207baeebf0f28c2d75c944ae379e7177974a3fbdfff1be7c004d3295b2234fd
                                                  • Instruction ID: 0596f70777efffc5c6fffcf976da065bb38311f18b04cc82347a57f1ffb359f5
                                                  • Opcode Fuzzy Hash: b207baeebf0f28c2d75c944ae379e7177974a3fbdfff1be7c004d3295b2234fd
                                                  • Instruction Fuzzy Hash: 1E11C4B2A081658BC71A8A6CCD446BE7765EF06304F014977E516DB286D3B4E94487B1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.675909817.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 7e63c8c40e530352edc89913dde23606237cfcb22cab761d07a6bccd92c68458
                                                  • Instruction ID: 87589322f26df8cdd59d1f46ca09eda4e4bcbd88ca258bb508ad961ed455f066
                                                  • Opcode Fuzzy Hash: 7e63c8c40e530352edc89913dde23606237cfcb22cab761d07a6bccd92c68458
                                                  • Instruction Fuzzy Hash: 7D1106B2A080658BC71ACB6CDD446FEBBB6EF06214F014977E416DB2D6D3B0E90587B1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.679065280.0000000006A60000.00000040.00000001.sdmp, Offset: 06A60000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 78c5033fcf31a3e0d5582d7d2f0b832d91b2c92ae00f79b9f06b5892d7a44fbc
                                                  • Instruction ID: b127384d2360b4ccd81fc4eaa542cc0b9be04f24d6391b40dda7f2f708a189e2
                                                  • Opcode Fuzzy Hash: 78c5033fcf31a3e0d5582d7d2f0b832d91b2c92ae00f79b9f06b5892d7a44fbc
                                                  • Instruction Fuzzy Hash: BB2129B0E0420ADFCB44DFAAC5859AEBFF2BF89300F158596D414AB265D7309A418B50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.675960615.00000000029E0000.00000040.00000040.sdmp, Offset: 029E0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 23021e700d3282bea6b7d52c4bd087777ae1cb05302877444fa46ce5c61db632
                                                  • Instruction ID: 0f91a5fbeacd7e5f3c6984215c800551f898fbbcd1cf6ecd4469562aa13c5750
                                                  • Opcode Fuzzy Hash: 23021e700d3282bea6b7d52c4bd087777ae1cb05302877444fa46ce5c61db632
                                                  • Instruction Fuzzy Hash: 85218E3510E3C48FC7038B20C961755BFB5AB47614F2985DED8855B6A3C33A980BDB62
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.675960615.00000000029E0000.00000040.00000040.sdmp, Offset: 029E0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: bfcc465d838b4d8bb85f502781095ecac0038d74330ec56acb899ebab584605c
                                                  • Instruction ID: fc527ac409739480ba71b9bacb798b16594c8c6f1995c68acda51f268b3fb525
                                                  • Opcode Fuzzy Hash: bfcc465d838b4d8bb85f502781095ecac0038d74330ec56acb899ebab584605c
                                                  • Instruction Fuzzy Hash: 9411DA34204344DFD716CB14CD81B25BBD5EB48708F24C9ACE94A1B652C7BBD803CE51
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.675909817.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 6c16451ed2379abf7a6591e144b4210dc51ff02a41dc7e6160ea408a3c4d9de2
                                                  • Instruction ID: 0d57dc5ab608a84c31a61681dba3953514d57ff2af6a4060d74254d0c148bd09
                                                  • Opcode Fuzzy Hash: 6c16451ed2379abf7a6591e144b4210dc51ff02a41dc7e6160ea408a3c4d9de2
                                                  • Instruction Fuzzy Hash: D5111C70E01149DFCB05EBA9C581AEEB7B5FF89304F1086A9D4196B365DB306E00DB90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.675909817.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: eaeafc78f8d855c0a40a8eb30c1d738c46aad747e28a5389cc00a6aa9d872b61
                                                  • Instruction ID: 18436b206fc460dafbf5132b00ea9875cd3f6fe33fa21cf1d3aef91618e53756
                                                  • Opcode Fuzzy Hash: eaeafc78f8d855c0a40a8eb30c1d738c46aad747e28a5389cc00a6aa9d872b61
                                                  • Instruction Fuzzy Hash: 6C118E74D0528ACFCB01DFA8C580AAEBFB1FF49310F10469AD955A7391CB30AA45CF91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.675909817.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 1a6e9538a226ee9c37cba469fd817e5457a757c180e070efc2b233d19fc04eb6
                                                  • Instruction ID: b9a51be1e9ba6469945af3e17b0a3ba7ac7c046868534555d6e7bb11d58a0128
                                                  • Opcode Fuzzy Hash: 1a6e9538a226ee9c37cba469fd817e5457a757c180e070efc2b233d19fc04eb6
                                                  • Instruction Fuzzy Hash: 56116A72A15005CFC7028F28DA88BF9B3A5FF00309F8588B6F5659B2A1D376D914C751
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.675909817.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 9b4be531eb8d396f77628c5ea262dbf97631e830c62d328c62d96825067f2862
                                                  • Instruction ID: 4f122ee56bc08dd9613099f761aad12ea25935d967acb0e043211ccea9b5db55
                                                  • Opcode Fuzzy Hash: 9b4be531eb8d396f77628c5ea262dbf97631e830c62d328c62d96825067f2862
                                                  • Instruction Fuzzy Hash: C5117C74D0420ADFCB04EFA8C584AAEBBB5FF48310F104699D92567395CB30AA85CF91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.679065280.0000000006A60000.00000040.00000001.sdmp, Offset: 06A60000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b1e9b0a8b0cb74cfa94552393552bf05c9f9120101111081438bbffe2efc23d8
                                                  • Instruction ID: a48d1d24a950991c60b109959d6c1e5f3940cb123bfb5c8841589aa19bf15905
                                                  • Opcode Fuzzy Hash: b1e9b0a8b0cb74cfa94552393552bf05c9f9120101111081438bbffe2efc23d8
                                                  • Instruction Fuzzy Hash: E6011B74A44208EFCB05DFA8C989A5DBFF1AF48200F198099E5089B3A1DB31DD51CB41
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.679065280.0000000006A60000.00000040.00000001.sdmp, Offset: 06A60000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 09cabd6ff69dec826865a4b4bcfdb24f660b209d1f9957f128cc946189324aaf
                                                  • Instruction ID: 0b66a176d07f3de56d985fb7e20a50274e4fb634d2e5aa3ec2f18730aecbbfcd
                                                  • Opcode Fuzzy Hash: 09cabd6ff69dec826865a4b4bcfdb24f660b209d1f9957f128cc946189324aaf
                                                  • Instruction Fuzzy Hash: F211D0B4D01209DFDB48DFAAC5449AEBBF6BF8C310F14C169E814A7264D7309A81CFA1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.675960615.00000000029E0000.00000040.00000040.sdmp, Offset: 029E0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: cfbe386a1450d0fc61924b453fd498016ff763daf7a516169de93034f062510f
                                                  • Instruction ID: ba42c0cf79d47a60828015c7651164d40c73a3aaa8ac37c3007ddf4902baf716
                                                  • Opcode Fuzzy Hash: cfbe386a1450d0fc61924b453fd498016ff763daf7a516169de93034f062510f
                                                  • Instruction Fuzzy Hash: B901DB751087C06FD7118F19EC40893FFE8DF46230709809BEC888B612D125B959CBB1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.675909817.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f42d174b9a4659adaefa1dc36483d02cb1eefffcd509704f4af2e96087f970b5
                                                  • Instruction ID: 5058f25dfe7c8775500cbed33facfbc212bf25cf560b10a0139a8179ac4f0bd2
                                                  • Opcode Fuzzy Hash: f42d174b9a4659adaefa1dc36483d02cb1eefffcd509704f4af2e96087f970b5
                                                  • Instruction Fuzzy Hash: B2F04970E46218DBC708DBF0C5809EFBBBAEFC9204F10D9A8840533284DB30AE41CA84
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.675909817.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 4990413acf05765b000cbeaf9c1b28d349c6055c84071eb2cc4e3de2197e5a9d
                                                  • Instruction ID: 5c827de27be0fbe76b7fdf699d2007b5d47cf3a221b3cfdf00d2d47d10eeeaee
                                                  • Opcode Fuzzy Hash: 4990413acf05765b000cbeaf9c1b28d349c6055c84071eb2cc4e3de2197e5a9d
                                                  • Instruction Fuzzy Hash: AA018B34D09288DFCB01DFB4C548AAEBFB4EF46315F1495EAD815AB3A1C7308900CB01
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.675909817.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 6b2c3a2a8e22405e84b2db55859f5fb8b0ceac150e59e24b25415035eec43b7f
                                                  • Instruction ID: df6675fd2688e5f14ffdd2fc47a435af1ef6c4ec90bc57cf37b6d78497b05618
                                                  • Opcode Fuzzy Hash: 6b2c3a2a8e22405e84b2db55859f5fb8b0ceac150e59e24b25415035eec43b7f
                                                  • Instruction Fuzzy Hash: BB017C74D093898FCB02EF69C5506ADBFB1EF46300F1980EBC44497252D7345E05CB62
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.675909817.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 97f87e467e4c7984737fb5171678dc373abb3c68538f3a98b702a325f1ca4a3d
                                                  • Instruction ID: 0f54d7b11e019b785d3a8c8ef7d419668beaa8ae75b738719cada77e215e6093
                                                  • Opcode Fuzzy Hash: 97f87e467e4c7984737fb5171678dc373abb3c68538f3a98b702a325f1ca4a3d
                                                  • Instruction Fuzzy Hash: 00F04938D09248EFD717DBA5C7846FCBBB9AF46300F1088ABE4429B251D7349E45DB61
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.679065280.0000000006A60000.00000040.00000001.sdmp, Offset: 06A60000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 04246c97abadb9b0724654713066bd080afe1abc7cff968032c9cbea21fc19ae
                                                  • Instruction ID: 229dac344d4ad5b8175f4146d082f6b63cd588e28385719797dd5ea23517e441
                                                  • Opcode Fuzzy Hash: 04246c97abadb9b0724654713066bd080afe1abc7cff968032c9cbea21fc19ae
                                                  • Instruction Fuzzy Hash: F301D134D04208DFDB48EFA5D4456ADFBB6FB89314F00D5A9E41667380EB309A40CF90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.675909817.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: c3ca2ef1f6f854c7dcb9c0c550182458ad4cda0dee2dbf42220b543c8ddcb2b7
                                                  • Instruction ID: 91198fd2fe94183be061df1be070dc911f9f84318677b9bc71b745e743ab7a0c
                                                  • Opcode Fuzzy Hash: c3ca2ef1f6f854c7dcb9c0c550182458ad4cda0dee2dbf42220b543c8ddcb2b7
                                                  • Instruction Fuzzy Hash: 6B016D70D05609DFDB09DFAAD5416EEFFB6BF84304F10C66A8818A3214D7706A41CF80
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.675909817.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 357e77f2b4874bf7cdc946d6f520b74a314dcbb177aacb5c0d79707576c18b86
                                                  • Instruction ID: 3f58b6fb7a4bf9aaaae1a73171b0466e2e412ae42ea2b6ff4bf90b0fe4e088e4
                                                  • Opcode Fuzzy Hash: 357e77f2b4874bf7cdc946d6f520b74a314dcbb177aacb5c0d79707576c18b86
                                                  • Instruction Fuzzy Hash: BAF06778D04248EFCB04DFA8C548BAEBBB8FF45305F1094EAD819AB350DB309A40CB51
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.675909817.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 7197b36d847312970cce3b35ce97591b16eb54ef8646d662883f01098f6bb093
                                                  • Instruction ID: 9e0acd3e21c83917c0246e67b85b3248150dba0d289da4876db7c2262bdcce39
                                                  • Opcode Fuzzy Hash: 7197b36d847312970cce3b35ce97591b16eb54ef8646d662883f01098f6bb093
                                                  • Instruction Fuzzy Hash: 3CF04978D1820CEFCB16CF98C3846ECB7BAAF85301F2084A6E44667210DB309E40DB60
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.675909817.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 05cb5134ce0fd9c56213d271aadff5d65e93d773ee3aa10cd4342566f30e7ede
                                                  • Instruction ID: fe110cb5e8ca340032c30e3f4884659ba7f1718c0484c11abec200ae376b35d0
                                                  • Opcode Fuzzy Hash: 05cb5134ce0fd9c56213d271aadff5d65e93d773ee3aa10cd4342566f30e7ede
                                                  • Instruction Fuzzy Hash: CAF09038E08244DFCB01CFA4C5449ADBFB5EF4A315F55D4EAD819AB351C7309901CB00
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.675909817.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e734bc48928f939716f0f1322bd52d761e2e70cccd4cc5f565d27701abce7fcb
                                                  • Instruction ID: d102c8ee55c1138d2c6c08b54f0230cd4a6102bda8881a60d1ed948b1a7dd1dd
                                                  • Opcode Fuzzy Hash: e734bc48928f939716f0f1322bd52d761e2e70cccd4cc5f565d27701abce7fcb
                                                  • Instruction Fuzzy Hash: 9901EC74D0024ADBCB04EF98D98869DFBB1FF44705F1082AA9819A7354DF34AE45CB91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.679065280.0000000006A60000.00000040.00000001.sdmp, Offset: 06A60000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: c9807198125257b62196c03fc5d70c77c84b29d37f4e5980ce0decec7399c17d
                                                  • Instruction ID: c29c46b8ecbc98a1160af12091a949b8406555af5ebacc681e6588e45f518256
                                                  • Opcode Fuzzy Hash: c9807198125257b62196c03fc5d70c77c84b29d37f4e5980ce0decec7399c17d
                                                  • Instruction Fuzzy Hash: 4CF05F78A00208AFDB04DBA9C589A9DBFF5AB48200F15C199E9089B361DA31E951DB40
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.679065280.0000000006A60000.00000040.00000001.sdmp, Offset: 06A60000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 832c8e820e1dc3c28dfc4100f03cf1406512a00c791792afa8e222e6a3887356
                                                  • Instruction ID: 27f3a37797fa620528baf0cb2f396b0034669987eed7ae4be6ecf42516ebacb5
                                                  • Opcode Fuzzy Hash: 832c8e820e1dc3c28dfc4100f03cf1406512a00c791792afa8e222e6a3887356
                                                  • Instruction Fuzzy Hash: F7F0E2B48043859FC702DBB8D9459AC7FB1BB06324B1802DAEC509B392C3358A42EB41
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.675960615.00000000029E0000.00000040.00000040.sdmp, Offset: 029E0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8388fa57679453dc7b04d871bb3dcfd317d9f8cb342853e5fed44ee7779b5e3e
                                                  • Instruction ID: be36bf5ed438068d7b45cbe77a6293e4d5173d24a5ce86a240ab2512ee67a072
                                                  • Opcode Fuzzy Hash: 8388fa57679453dc7b04d871bb3dcfd317d9f8cb342853e5fed44ee7779b5e3e
                                                  • Instruction Fuzzy Hash: C1F01D35104644DFC706CF40D940B25FBA6EB89718F24C6ADE9491B752C377E813DE81
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.675909817.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 02f12bb8791664606d73d69dbe617b11dfb2d426be2d7bf540c4feab778d2537
                                                  • Instruction ID: 67bbae40da92daa7205a8da3fa08b5e3e31085ea829f3de71073b7daecd9a9c3
                                                  • Opcode Fuzzy Hash: 02f12bb8791664606d73d69dbe617b11dfb2d426be2d7bf540c4feab778d2537
                                                  • Instruction Fuzzy Hash: DAF0E274D06259DFCB05DFA8CA8469EFFB6BF45300F2586DA8804AB365DB309E44CB91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.675909817.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b43ff8d6b62b91845e3c9732a49a9809dacb3b906ecc4685d9ce9ed3adfe7205
                                                  • Instruction ID: b67a6c587b63829eadb820828e731b1feb024dfb81f8b60ec1414d0361bea4a2
                                                  • Opcode Fuzzy Hash: b43ff8d6b62b91845e3c9732a49a9809dacb3b906ecc4685d9ce9ed3adfe7205
                                                  • Instruction Fuzzy Hash: D2F0DF78D04208EFDB05EFA8D988AADBBB5FF49305F1084AAD844A7350DB315A44DF92
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.675909817.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 14502cc6cdbb22754b99bbf9d8e30432c340cf0868fb7f4982d3a494b38cdb06
                                                  • Instruction ID: 20e814ab2c6cf9335a1f6bb0d1d06bad5e2218bde001655c5602f3f8a275b9ba
                                                  • Opcode Fuzzy Hash: 14502cc6cdbb22754b99bbf9d8e30432c340cf0868fb7f4982d3a494b38cdb06
                                                  • Instruction Fuzzy Hash: A1F0B278E04209EFDB40DFA8D584A9EFBF4FB08710F2086999814A7314D770AE40CB91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.675909817.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 7dbd1a4ac13f277f072c164f8b34e46b9a454f9c1745f53b111639483efa82a9
                                                  • Instruction ID: 3abd931827c405b13bfa14d004ee3206f69de4fab1b260792e6f0f30d7691c61
                                                  • Opcode Fuzzy Hash: 7dbd1a4ac13f277f072c164f8b34e46b9a454f9c1745f53b111639483efa82a9
                                                  • Instruction Fuzzy Hash: 4EF0DA74D0121DDFCB04DF98D545A9EFBB5FF44300F208699981467355DB70AE41DB81
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.675960615.00000000029E0000.00000040.00000040.sdmp, Offset: 029E0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 0d5b933b47d28acc5e5f81a7d0ae43d78aafc74badb04c239ec581ecbb38d2a2
                                                  • Instruction ID: 8ddc93d9ed0788801c226b6f6b93d8b511af4a4e3d069c4cf034ee47c0da3d04
                                                  • Opcode Fuzzy Hash: 0d5b933b47d28acc5e5f81a7d0ae43d78aafc74badb04c239ec581ecbb38d2a2
                                                  • Instruction Fuzzy Hash: 3BE092B66406009BD750DF0AEC81456FBD8EB84630718C07FDC0D8B700E536F504CEA5
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.675909817.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 463a79df8d3af3cb0b94ec8c3b3fdb7c0f0c00246ee061d09716827de4bef450
                                                  • Instruction ID: 1603892e54094b5d443a78686c0b9cd4bc1a9fdae84eff3a841b42ff264c675c
                                                  • Opcode Fuzzy Hash: 463a79df8d3af3cb0b94ec8c3b3fdb7c0f0c00246ee061d09716827de4bef450
                                                  • Instruction Fuzzy Hash: 58F0A5B8E04219DFCB04DFA9D544AAEBBF5FF49301F1085AAD819A7350D7306A10CFA2
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.675909817.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 033009d47bf289456e61edb4bd881b6f179058f2c10e0e5266df4f3acdfa07bc
                                                  • Instruction ID: aeaf11b7bc0a408d9f9689451012d4f83265796d625003edfe6bad1fb0842993
                                                  • Opcode Fuzzy Hash: 033009d47bf289456e61edb4bd881b6f179058f2c10e0e5266df4f3acdfa07bc
                                                  • Instruction Fuzzy Hash: E3E01A3A50520CCBCB50EB9CEA406E8B375FF8A316F008352D419AB259C7305A41CF81
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.679065280.0000000006A60000.00000040.00000001.sdmp, Offset: 06A60000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: bbf4c0e7a80e1cfd7e81ceb9c6955ec38882e88e001c42692193220d6940d081
                                                  • Instruction ID: 6a852a5d43a713d347446b6e601793e02b00903c5121e71ba89c4147ac29aa7c
                                                  • Opcode Fuzzy Hash: bbf4c0e7a80e1cfd7e81ceb9c6955ec38882e88e001c42692193220d6940d081
                                                  • Instruction Fuzzy Hash: 70E0E5B4D00208EFDB44EFACD545AADBFB1FB09305F1085AAE814A7340D7319A51DF84
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.679065280.0000000006A60000.00000040.00000001.sdmp, Offset: 06A60000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8d9a55146e31e3c23c765f8d73ffa94e4b641897c9e4deec1c2be143a03626fa
                                                  • Instruction ID: 31dcaabc6023af915028c10af251fe5eebe700df0c32c9613f5bc708351a456f
                                                  • Opcode Fuzzy Hash: 8d9a55146e31e3c23c765f8d73ffa94e4b641897c9e4deec1c2be143a03626fa
                                                  • Instruction Fuzzy Hash: 81E0DF79C0030A9FC750DB68D4497887FE0EB02329F1802DDD8A48B2D2DB359243CB11
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.679065280.0000000006A60000.00000040.00000001.sdmp, Offset: 06A60000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a3f732c108e55a36ecfc0061527d32b6deefd191ff113428593325644c92567f
                                                  • Instruction ID: 854437325d596e901662f956e5c083ebbb2ab52a25f20f628414004088afb1f3
                                                  • Opcode Fuzzy Hash: a3f732c108e55a36ecfc0061527d32b6deefd191ff113428593325644c92567f
                                                  • Instruction Fuzzy Hash: C9F06278902368DFDB64CF64C981B99BBB1BB09300F1011D9E409AB250D7359E80CF00
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.675909817.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 16d3c5db8026fe4ba7b42e36f1f48c01970ccc974afd4802f07eec02fa7dadb1
                                                  • Instruction ID: dbd473cf2b80f092686355b29709ea69887014a1d7f0af86228b7227a12d0c67
                                                  • Opcode Fuzzy Hash: 16d3c5db8026fe4ba7b42e36f1f48c01970ccc974afd4802f07eec02fa7dadb1
                                                  • Instruction Fuzzy Hash: 94D01735906208CFCB148FA0E8853EDFB34FF86319F20586AC60AA7211C7355546CF80
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.679065280.0000000006A60000.00000040.00000001.sdmp, Offset: 06A60000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 5670342bdd4ed819052c6900d886dc12d461983a0f1884d074e59a63841d8a46
                                                  • Instruction ID: 190b0a4c1a66bdbeaf8aeb820e5007a91147830374022809faffb83e289a605d
                                                  • Opcode Fuzzy Hash: 5670342bdd4ed819052c6900d886dc12d461983a0f1884d074e59a63841d8a46
                                                  • Instruction Fuzzy Hash: 1FD01770D15208AFCB84EFA9D405A9DBBF4AB44700F1082A99818A3240DB74AA90CBA1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.679065280.0000000006A60000.00000040.00000001.sdmp, Offset: 06A60000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8a31d08c7e5ce3e05a3b6cfa0f616b3d433db7729812038afd531f16e9f6f5bd
                                                  • Instruction ID: 0abf50bf3e90391acc230df9c660eedf368296606b00ba473251cd9cb29c2fc0
                                                  • Opcode Fuzzy Hash: 8a31d08c7e5ce3e05a3b6cfa0f616b3d433db7729812038afd531f16e9f6f5bd
                                                  • Instruction Fuzzy Hash: BBE0EC74D10208DFC750EFA8D04965CBFF4EB08304F1041E9D81497350E7349944CB51
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.679065280.0000000006A60000.00000040.00000001.sdmp, Offset: 06A60000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 083f3a3824b4ac4cff6b0c4eee3384192a691e695548536ec7f78372b318dbed
                                                  • Instruction ID: 65a7df49f4388f7e6de35a347b2144d8d84ea942cbecf4488c87ab4d1127ab8d
                                                  • Opcode Fuzzy Hash: 083f3a3824b4ac4cff6b0c4eee3384192a691e695548536ec7f78372b318dbed
                                                  • Instruction Fuzzy Hash: D8E07EB8D042588FDF00CFA4C881A9DB7B5AB14300F409056A918AB345D3349A05CF05
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.675909817.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 7c8642af1aba1159cfa715cffbf86eb7fc3ad7b9fefc3d51e4ee4135c3f681cd
                                                  • Instruction ID: ce4f0e89eb285732b1c7c4308a04682ee2a9afa9718abc7a8c3dd50f3e458e1f
                                                  • Opcode Fuzzy Hash: 7c8642af1aba1159cfa715cffbf86eb7fc3ad7b9fefc3d51e4ee4135c3f681cd
                                                  • Instruction Fuzzy Hash: 5FD09236A46218CF8B248BA4E8815ECF739FF8A229B20556AD609A7211C7359552CF40
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.679065280.0000000006A60000.00000040.00000001.sdmp, Offset: 06A60000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 1896d59090828dcb153940c1f0d9d3df66d6a6250b8ccdc83cf111c23b5a9953
                                                  • Instruction ID: 0e42d4125ccb8f11816fddad57c626930d32a03d7486d61a1aca036964014f04
                                                  • Opcode Fuzzy Hash: 1896d59090828dcb153940c1f0d9d3df66d6a6250b8ccdc83cf111c23b5a9953
                                                  • Instruction Fuzzy Hash: CCD017B0D10208AFCB80EFA8D40569DBBF4AB04604F0081ADD808A3240EB349A50CB91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.679065280.0000000006A60000.00000040.00000001.sdmp, Offset: 06A60000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 111a70173434b9e85a9e5c14fe73dc22c42099ea6fd078140ef2b8abd8e98166
                                                  • Instruction ID: 00599e87c6218adaaa9d3a8422d736b194c22eea3c31501b3fdab4a680bcbf48
                                                  • Opcode Fuzzy Hash: 111a70173434b9e85a9e5c14fe73dc22c42099ea6fd078140ef2b8abd8e98166
                                                  • Instruction Fuzzy Hash: 52E07E789112089FCB44CFA4D280ACDBBB2FB48350F259559E801AB754D736DE85CF54
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.679065280.0000000006A60000.00000040.00000001.sdmp, Offset: 06A60000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d13b7c56f04c6d3bc1c5047979d8e5315c0ca55033c9bd321d74a3b7002a8a62
                                                  • Instruction ID: 726c6d8ad7cae012ff3a76498b16d4384f0b297955064cd429cd2ace8a1d1cb2
                                                  • Opcode Fuzzy Hash: d13b7c56f04c6d3bc1c5047979d8e5315c0ca55033c9bd321d74a3b7002a8a62
                                                  • Instruction Fuzzy Hash: 28D06774E1020CAFCB54EFADD54579DBBF5AB44704F1085B9D818A7240EB35AA54CB81
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.679065280.0000000006A60000.00000040.00000001.sdmp, Offset: 06A60000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e2734953d36d8f895f760529f10e6797ee13f00c64fb62ef677950b2cc6f743b
                                                  • Instruction ID: 003ac026037b8819feba86682237cbf48206fd5cb2454afd2fe002cfe66f31ea
                                                  • Opcode Fuzzy Hash: e2734953d36d8f895f760529f10e6797ee13f00c64fb62ef677950b2cc6f743b
                                                  • Instruction Fuzzy Hash: 44D01770D10208AECB51EBB9A4052ACBFF4AB48200F1081AAD85493280EB349650CB91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.679065280.0000000006A60000.00000040.00000001.sdmp, Offset: 06A60000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: c4ed252f1d8cfd8d7a402c565956c8bd435172ae9ef21f1781ccb7ebc5058b19
                                                  • Instruction ID: 9e16b86cf599b32ed0ad7aed4c443d905c3275607e627462b4f4eae4f041f23f
                                                  • Opcode Fuzzy Hash: c4ed252f1d8cfd8d7a402c565956c8bd435172ae9ef21f1781ccb7ebc5058b19
                                                  • Instruction Fuzzy Hash: B9D05E34C0C398DEDB609F62881079AFAB1FB03200F1065C6408EA7110D33146418F63
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.679065280.0000000006A60000.00000040.00000001.sdmp, Offset: 06A60000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 58508b4a70bc0fc0219633837820906b7e769fb2a8ef5be76b6d8aa71fc141ad
                                                  • Instruction ID: bb343fedf0a7be1227da323617a3adb0066df32382289008e02d88724aa1032f
                                                  • Opcode Fuzzy Hash: 58508b4a70bc0fc0219633837820906b7e769fb2a8ef5be76b6d8aa71fc141ad
                                                  • Instruction Fuzzy Hash: 5AE01774D043489FEB15CFA6C880B8EB7F6AF99300F00A0A69509AB214E3309A41CF20
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.679065280.0000000006A60000.00000040.00000001.sdmp, Offset: 06A60000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 76e2464c9623f0edc4e289a640851897bd81052d1793751949dc7b0f2b2c8b1c
                                                  • Instruction ID: fc9c871012e01f26ea4cc3fbb991382d1df6682c48c4693f78a169c6b3e2a338
                                                  • Opcode Fuzzy Hash: 76e2464c9623f0edc4e289a640851897bd81052d1793751949dc7b0f2b2c8b1c
                                                  • Instruction Fuzzy Hash: 72E0BF70912219DFDB50DFA4DD95B9DBBB1FF44204F1016D5D149A7154DB305E84CF50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.675909817.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f4d7de7787fc32d3898ccd1ec84f053aa0ea7e49c6c189bf20886c7efa7ed19d
                                                  • Instruction ID: 57f51ebd857dcf104882de5b92a52bd070c466034d17a2171a72c89b45908818
                                                  • Opcode Fuzzy Hash: f4d7de7787fc32d3898ccd1ec84f053aa0ea7e49c6c189bf20886c7efa7ed19d
                                                  • Instruction Fuzzy Hash: 2ED0C935F401089BDF10CBC4E945BDCFB70EB84716F104066E619A7290C6302916CF90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.679065280.0000000006A60000.00000040.00000001.sdmp, Offset: 06A60000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 46071bc47f0120ac313b5279be2d25c8ec5ee85008ba56a0eb2c1063273df8d5
                                                  • Instruction ID: 2cf3b91b9bcae13716d2acb030c48c051363626b81da6c87c65d3a9edc9164b5
                                                  • Opcode Fuzzy Hash: 46071bc47f0120ac313b5279be2d25c8ec5ee85008ba56a0eb2c1063273df8d5
                                                  • Instruction Fuzzy Hash: 20D0C9B4D042488FCF46DF50C880BDAB7F5AB4A300F0012A6A54AE3241D7305B01CF49
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.679065280.0000000006A60000.00000040.00000001.sdmp, Offset: 06A60000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 077dd3e874f636ff30772def2f8f85d1c240d2250af12c3c01ad4f5879bc7a48
                                                  • Instruction ID: 59a562d69ebbcdb443262e3c049b8c2abf56ab5081a79a4e1432755d64954735
                                                  • Opcode Fuzzy Hash: 077dd3e874f636ff30772def2f8f85d1c240d2250af12c3c01ad4f5879bc7a48
                                                  • Instruction Fuzzy Hash: 6AD0CAB8E0829C8BCF20DFA0C890BAEF775AB08300F0090AA942AA3242D7315A00CF45
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.679065280.0000000006A60000.00000040.00000001.sdmp, Offset: 06A60000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8175ab77733ccb484ac7b6a206eb5c3fcfc44d50c05cf7dd8d60b9152ca68752
                                                  • Instruction ID: bab94e6cc2c5fb647e0f086993cb263e823042fce2fc3717c6e796cc27f83d23
                                                  • Opcode Fuzzy Hash: 8175ab77733ccb484ac7b6a206eb5c3fcfc44d50c05cf7dd8d60b9152ca68752
                                                  • Instruction Fuzzy Hash: 32C012B8C082888BDF40DF91C840BAEB7F6AB44300F0090AA9408B3640D7308A448F22
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.679065280.0000000006A60000.00000040.00000001.sdmp, Offset: 06A60000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 251d14f907e0b3ffd56def6c5c13f217ae441b6ab828d43a8479847a88b00c32
                                                  • Instruction ID: 4194c9f0ef00d76cd2764afb7adfea4b9ac7f67a51a7bcf969187cf6f9bb2c3c
                                                  • Opcode Fuzzy Hash: 251d14f907e0b3ffd56def6c5c13f217ae441b6ab828d43a8479847a88b00c32
                                                  • Instruction Fuzzy Hash: 04C01274D0838C8ECF41DF91D890B9EB7B5AB45300F1090A69009B3244E7308B008F06
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.679065280.0000000006A60000.00000040.00000001.sdmp, Offset: 06A60000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e104fd94b22f73d0044a84a39d0c93fcd96bc849604fa448aa17e5947033151b
                                                  • Instruction ID: 85e4e81b98d457b6e9364c80b16e22a0829d7d9524bb29f0a385f93aedb244d1
                                                  • Opcode Fuzzy Hash: e104fd94b22f73d0044a84a39d0c93fcd96bc849604fa448aa17e5947033151b
                                                  • Instruction Fuzzy Hash: 71D0C970922355CFD745CBA1C250858BBB2EF06351B201858E006AB254CB35DA80CA50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.679065280.0000000006A60000.00000040.00000001.sdmp, Offset: 06A60000, based on PE: false
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.675909817.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Non-executed Functions

                                                  C-Code - Quality: 69%
                                                  			E00619A7C(void* __eax, void* __ebx, intOrPtr* __ecx, void* __edx, intOrPtr* __edi, signed int* __esi, void* __fp0) {
                                                  				intOrPtr* _t415;
                                                  				signed char _t417;
                                                  				intOrPtr* _t418;
                                                  				signed char _t419;
                                                  				signed char _t420;
                                                  				signed int _t421;
                                                  				signed char _t424;
                                                  				signed char _t425;
                                                  				signed int _t427;
                                                  				signed int _t429;
                                                  				signed char _t430;
                                                  				signed int _t431;
                                                  				signed char _t433;
                                                  				void* _t435;
                                                  				signed char _t440;
                                                  				signed char _t441;
                                                  				signed char _t442;
                                                  				signed char _t445;
                                                  				intOrPtr* _t448;
                                                  				signed int _t450;
                                                  				signed char _t451;
                                                  				signed char _t452;
                                                  				signed char _t454;
                                                  				signed char _t455;
                                                  				void* _t457;
                                                  				signed char _t458;
                                                  				signed char _t459;
                                                  				signed int _t460;
                                                  				signed char _t462;
                                                  				signed char _t463;
                                                  				signed char _t464;
                                                  				void* _t466;
                                                  				signed char _t468;
                                                  				signed char _t469;
                                                  				signed char _t470;
                                                  				signed char _t471;
                                                  				signed char _t472;
                                                  				void* _t474;
                                                  				signed char _t475;
                                                  				signed char _t476;
                                                  				signed char _t477;
                                                  				signed char _t479;
                                                  				intOrPtr* _t481;
                                                  				signed char _t483;
                                                  				signed char _t484;
                                                  				signed char _t485;
                                                  				signed char _t486;
                                                  				signed char _t487;
                                                  				signed char _t488;
                                                  				signed char _t489;
                                                  				signed char _t490;
                                                  				signed char _t491;
                                                  				signed char _t492;
                                                  				signed char _t493;
                                                  				signed char _t494;
                                                  				signed char _t495;
                                                  				signed char _t496;
                                                  				signed char _t497;
                                                  				signed char _t498;
                                                  				signed char _t499;
                                                  				signed char _t500;
                                                  				signed char _t501;
                                                  				signed char _t502;
                                                  				signed char _t503;
                                                  				signed char _t504;
                                                  				signed char _t505;
                                                  				signed char _t506;
                                                  				signed char _t507;
                                                  				signed char _t508;
                                                  				signed char _t509;
                                                  				signed char _t510;
                                                  				signed char _t511;
                                                  				signed char _t512;
                                                  				signed char _t513;
                                                  				signed char _t514;
                                                  				signed char _t515;
                                                  				signed char _t517;
                                                  				signed char _t518;
                                                  				signed char _t519;
                                                  				signed char _t520;
                                                  				signed char _t521;
                                                  				signed char _t522;
                                                  				signed char _t523;
                                                  				signed char _t524;
                                                  				signed char _t526;
                                                  				signed char _t527;
                                                  				intOrPtr* _t528;
                                                  				signed int _t529;
                                                  				signed int _t530;
                                                  				signed int _t531;
                                                  				intOrPtr* _t532;
                                                  				signed char _t533;
                                                  				signed char _t534;
                                                  				signed char _t535;
                                                  				signed char _t539;
                                                  				signed char _t540;
                                                  				signed char _t541;
                                                  				signed char _t542;
                                                  				signed char _t543;
                                                  				signed char _t544;
                                                  				signed int _t545;
                                                  				signed char _t547;
                                                  				signed char _t548;
                                                  				signed char _t549;
                                                  				signed char _t550;
                                                  				signed char _t551;
                                                  				signed char _t553;
                                                  				intOrPtr* _t557;
                                                  				signed char _t558;
                                                  				signed char _t559;
                                                  				signed char _t560;
                                                  				signed char _t562;
                                                  				char* _t563;
                                                  				void* _t564;
                                                  				signed char _t565;
                                                  				signed char _t567;
                                                  				void* _t568;
                                                  				void* _t569;
                                                  				void* _t570;
                                                  				signed char _t571;
                                                  				signed char _t573;
                                                  				signed char _t574;
                                                  				void* _t577;
                                                  				signed char _t578;
                                                  				void* _t582;
                                                  				signed char _t586;
                                                  				void* _t589;
                                                  				signed char _t591;
                                                  				void* _t594;
                                                  				signed char _t595;
                                                  				void* _t599;
                                                  				signed char _t600;
                                                  				signed char _t601;
                                                  				void* _t605;
                                                  				signed char _t608;
                                                  				void* _t609;
                                                  				signed char _t610;
                                                  				void* _t612;
                                                  				signed char _t613;
                                                  				void* _t617;
                                                  				signed char _t620;
                                                  				signed char _t623;
                                                  				signed char _t626;
                                                  				signed char _t630;
                                                  				signed char _t632;
                                                  				signed char _t635;
                                                  				signed char _t638;
                                                  				signed char _t640;
                                                  				signed char _t641;
                                                  				void* _t644;
                                                  				signed char _t645;
                                                  				signed char _t647;
                                                  				signed char _t652;
                                                  				signed char _t653;
                                                  				void* _t657;
                                                  				signed int* _t659;
                                                  				signed char _t661;
                                                  				void* _t666;
                                                  				signed char _t667;
                                                  				signed char _t672;
                                                  				void* _t674;
                                                  				signed char _t676;
                                                  				signed char _t679;
                                                  				void* _t683;
                                                  				void* _t684;
                                                  				signed char _t687;
                                                  				signed char _t689;
                                                  				signed char _t691;
                                                  				signed char _t693;
                                                  				void* _t696;
                                                  				signed char _t701;
                                                  				intOrPtr* _t703;
                                                  				signed char _t704;
                                                  				signed char _t705;
                                                  				intOrPtr* _t709;
                                                  				void* _t710;
                                                  				intOrPtr* _t711;
                                                  				void* _t712;
                                                  				void* _t713;
                                                  				signed int* _t714;
                                                  				void* _t717;
                                                  				void* _t718;
                                                  				signed int* _t719;
                                                  				void* _t721;
                                                  				void* _t723;
                                                  				signed int _t724;
                                                  				void* _t727;
                                                  				signed int _t728;
                                                  				signed int _t729;
                                                  				void* _t731;
                                                  				void* _t737;
                                                  				void* _t738;
                                                  				void* _t739;
                                                  				void* _t740;
                                                  				signed int _t743;
                                                  				signed int _t787;
                                                  				intOrPtr _t867;
                                                  
                                                  				_t719 = __esi;
                                                  				_t709 = __edi;
                                                  				_t557 = __ebx - _t721;
                                                  				_t703 = __edx + _t557;
                                                  				 *__esi =  *__esi - _t703;
                                                  				 *_t703 =  *_t703 + __ecx;
                                                  				_t415 = (__eax - 0x000000ea |  *(__eax - 0xea)) +  *_t557 + _t557;
                                                  				 *_t703 =  *_t703 + __ecx;
                                                  				 *__ecx =  *__ecx + _t415;
                                                  				asm("adc [eax], al");
                                                  				 *_t703 =  *_t703 + _t415;
                                                  				 *__ecx =  *__ecx + _t415;
                                                  				 *_t703 =  *_t703 + __ecx;
                                                  				_t417 = _t415 -  *_t415 |  *(_t415 -  *_t415);
                                                  				 *_t417 =  *_t417 + _t417;
                                                  				 *_t557 =  *_t557 + _t703;
                                                  				 *__esi =  *__esi ^ _t417;
                                                  				_t558 = _t557 + _t703;
                                                  				asm("sldt word [eax]");
                                                  				asm("adc eax, 0x110000");
                                                  				_t704 = _t703 +  *((intOrPtr*)(_t558 + 0x7f));
                                                  				 *_t417 =  *_t417 + _t417;
                                                  				_t559 = _t558 |  *(_t721 - 0x63);
                                                  				 *_t417 =  *_t417 + _t417;
                                                  				_t418 = _t417 + 0xd0;
                                                  				_push(ss);
                                                  				 *_t418 =  *_t418 + _t418;
                                                  				_t573 = __ecx +  *_t418;
                                                  				_t419 = _t418 -  *_t418;
                                                  				 *_t704 =  *_t704 + _t573;
                                                  				if( *_t704 >= 0) {
                                                  					L8:
                                                  					 *_t719 =  *_t719 + _t419;
                                                  					 *_t704 =  *_t704 + _t419;
                                                  					_t559 = _t559 +  *((intOrPtr*)(_t559 - 0x63));
                                                  					 *_t419 =  *_t419 + _t419;
                                                  					_t419 = _t419 + 0x73;
                                                  					 *_t573 =  *_t573;
                                                  					_t574 = _t573 |  *(_t709 + 0x40);
                                                  					 *_t419 =  *_t419 + _t419;
                                                  					_push(es);
                                                  					 *_t704 =  *_t704 + _t419;
                                                  					if( *_t704 >= 0) {
                                                  						goto L23;
                                                  					} else {
                                                  						 *_t419 =  *_t419 + _t419;
                                                  						goto L10;
                                                  					}
                                                  				} else {
                                                  					 *_t419 =  *_t419 + _t419;
                                                  					_t701 = _t573 |  *_t704;
                                                  					_t704 = _t704 +  *((intOrPtr*)(_t559 + 0x5b));
                                                  					 *_t419 =  *_t419 + _t419;
                                                  					_t574 = _t701 |  *(__edi + 0x32);
                                                  					 *_t419 =  *_t419 + _t419;
                                                  					_push(es);
                                                  					if( *((intOrPtr*)(__edi + 0x200000f)) >= _t559) {
                                                  						L10:
                                                  						 *_t704 =  *_t704 + _t574;
                                                  						asm("outsd");
                                                  						_t704 = _t704 + 1;
                                                  						 *_t419 =  *_t419 + _t419;
                                                  						_push(es);
                                                  						 *_t704 =  *_t704 + _t419;
                                                  						if( *_t704 >= 0) {
                                                  							goto L25;
                                                  						} else {
                                                  							 *_t419 =  *_t419 + _t419;
                                                  							goto L12;
                                                  						}
                                                  					} else {
                                                  						 *_t419 =  *_t419 + _t419;
                                                  						_t574 = _t574 |  *(__edi + 0x34);
                                                  						 *_t419 =  *_t419 + _t419;
                                                  						_push(es);
                                                  						 *_t704 =  *_t704 + _t419;
                                                  						if( *_t704 >= 0) {
                                                  							L12:
                                                  							 *_t704 =  *_t704 + _t574;
                                                  							asm("outsd");
                                                  							_t739 = _t739 + 1;
                                                  							 *_t419 =  *_t419 + _t419;
                                                  							_push(es);
                                                  							 *_t704 =  *_t704 + _t419;
                                                  							if( *_t704 >= 0) {
                                                  								goto L27;
                                                  							} else {
                                                  								 *_t419 =  *_t419 + _t419;
                                                  								goto L14;
                                                  							}
                                                  						} else {
                                                  							 *_t419 =  *_t419 + _t419;
                                                  							_t574 = _t574 |  *(__edi + 0x36);
                                                  							 *_t419 =  *_t419 + _t419;
                                                  							_push(es);
                                                  							 *_t704 =  *_t704 + _t419;
                                                  							if( *_t704 >= 0) {
                                                  								L14:
                                                  								 *_t704 =  *_t704 + _t574;
                                                  								asm("outsd");
                                                  								_t719 =  &(_t719[0]);
                                                  								 *_t419 =  *_t419 + _t419;
                                                  								_push(es);
                                                  								 *_t704 =  *_t704 + _t419;
                                                  								if( *_t704 >= 0) {
                                                  									goto L29;
                                                  								} else {
                                                  									 *_t419 =  *_t419 + _t419;
                                                  									goto L16;
                                                  								}
                                                  							} else {
                                                  								 *_t419 =  *_t419 + _t419;
                                                  								_t574 = _t574 |  *(__edi + 0x38);
                                                  								 *_t419 =  *_t419 + _t419;
                                                  								_push(es);
                                                  								 *_t704 =  *_t704 + _t419;
                                                  								if( *_t704 >= 0) {
                                                  									L16:
                                                  									 *_t704 =  *_t704 + _t574;
                                                  									asm("outsd");
                                                  									_t419 = _t419 - 1;
                                                  									 *_t419 =  *_t419 + _t419;
                                                  									_push(es);
                                                  									 *_t704 =  *_t704 + _t419;
                                                  									if( *_t704 >= 0) {
                                                  										goto L32;
                                                  									} else {
                                                  										 *_t419 =  *_t419 + _t419;
                                                  										goto L18;
                                                  									}
                                                  								} else {
                                                  									 *_t419 =  *_t419 + _t419;
                                                  									_t574 = _t574 |  *(__edi + 0x3a);
                                                  									 *_t419 =  *_t419 + _t419;
                                                  									_push(es);
                                                  									 *_t704 =  *_t704 + _t419;
                                                  									if( *_t704 >= 0) {
                                                  										L18:
                                                  										 *_t704 =  *_t704 + _t574;
                                                  										asm("outsd");
                                                  										_t704 = _t704 - 1;
                                                  										 *_t419 =  *_t419 + _t419;
                                                  										_push(es);
                                                  										 *_t704 =  *_t704 + _t419;
                                                  										if( *_t704 >= 0) {
                                                  											goto L34;
                                                  										} else {
                                                  											 *_t419 =  *_t419 + _t419;
                                                  											goto L20;
                                                  										}
                                                  									} else {
                                                  										 *_t419 =  *_t419 + _t419;
                                                  										_t574 = _t574 |  *(__edi + 0x3c);
                                                  										 *_t419 =  *_t419 + _t419;
                                                  										_push(es);
                                                  										 *_t704 =  *_t704 + _t419;
                                                  										if( *_t704 >= 0) {
                                                  											L20:
                                                  											 *_t704 =  *_t704 + _t574;
                                                  											asm("outsd");
                                                  											_t739 = _t739 - 1;
                                                  											 *_t419 =  *_t419 + _t419;
                                                  											_push(es);
                                                  											 *_t704 =  *_t704 + _t419;
                                                  											if( *_t704 >= 0) {
                                                  												L36:
                                                  												 *_t704 =  *_t704 + _t419;
                                                  												if( *_t704 >= 0) {
                                                  													goto L46;
                                                  												} else {
                                                  													 *_t419 =  *_t419 + _t419;
                                                  													_t574 = _t574 |  *(_t709 + 0x5e);
                                                  													 *_t419 =  *_t419 + _t419;
                                                  													_push(es);
                                                  													goto L38;
                                                  												}
                                                  											} else {
                                                  												 *_t419 =  *_t419 + _t419;
                                                  												_t574 = _t574 |  *(_t709 + 0x4e);
                                                  												 *_t419 =  *_t419 + _t419;
                                                  												_push(es);
                                                  												 *_t704 =  *_t704 + _t419;
                                                  												if( *_t704 >= 0) {
                                                  													L38:
                                                  													 *_t704 =  *_t704 + _t419;
                                                  													 *_t709 =  *_t709 - _t559;
                                                  													 *_t704 =  *_t704 + _t574;
                                                  													 *_t704 =  *_t704 + _t419;
                                                  													asm("outsd");
                                                  													 *_t574 =  *_t574 ^ _t419;
                                                  													goto L39;
                                                  												} else {
                                                  													 *_t419 =  *_t419 + _t419;
                                                  													_t574 = _t574 |  *(_t709 + 0x50);
                                                  													 *_t419 =  *_t419 + _t419;
                                                  													L23:
                                                  													_push(es);
                                                  													 *_t704 =  *_t704 + _t419;
                                                  													if( *_t704 >= 0) {
                                                  														L39:
                                                  														 *_t719 =  *_t719 + _t419;
                                                  														_pop(ss);
                                                  														asm("outsd");
                                                  														_t419 = 0;
                                                  														 *_t704 =  *_t704 + _t574;
                                                  														 *_t704 =  *_t704;
                                                  														asm("outsd");
                                                  														 *_t574 =  *_t574 ^ 0x00000000;
                                                  														goto L40;
                                                  													} else {
                                                  														 *_t419 =  *_t419 + _t419;
                                                  														_t574 = _t574 |  *(_t709 + 0x52);
                                                  														 *_t419 =  *_t419 + _t419;
                                                  														L25:
                                                  														_push(es);
                                                  														 *_t704 =  *_t704 + _t419;
                                                  														if( *_t704 >= 0) {
                                                  															L40:
                                                  															 *_t419 =  *_t419 + _t419;
                                                  															_push(es);
                                                  															 *(_t721 + 0x2800002d) =  *(_t721 + 0x2800002d) & _t574;
                                                  															 *_t559 =  *_t559;
                                                  															goto L41;
                                                  														} else {
                                                  															 *_t419 =  *_t419 + _t419;
                                                  															_t574 = _t574 |  *(_t709 + 0x54);
                                                  															 *_t419 =  *_t419 + _t419;
                                                  															_push(es);
                                                  															L27:
                                                  															 *_t704 =  *_t704 + _t419;
                                                  															if( *_t704 >= 0) {
                                                  																L41:
                                                  																_push(es);
                                                  																_t419 = _t419 &  *_t419;
                                                  																_t25 = _t574 + _t419 * 2;
                                                  																 *_t25 =  *((intOrPtr*)(_t574 + _t419 * 2)) + _t704;
                                                  																_push(ss);
                                                  																asm("sbb [esi], edx");
                                                  																if( *_t25 >= 0) {
                                                  																	goto L31;
                                                  																} else {
                                                  																	goto L42;
                                                  																}
                                                  															} else {
                                                  																 *_t419 =  *_t419 + _t419;
                                                  																_t574 = _t574 |  *(_t709 + 0x56);
                                                  																 *_t419 =  *_t419 + _t419;
                                                  																_push(es);
                                                  																L29:
                                                  																 *_t704 =  *_t704 + _t419;
                                                  																if( *_t704 >= 0) {
                                                  																	L42:
                                                  																	 *_t419 =  *_t419 + _t419;
                                                  																	 *_t419 =  *_t419 + _t419;
                                                  																	_t419 = _t419 |  *_t419;
                                                  																	_t574 = (_t574 |  *(_t709 - 0x53)) +  *((intOrPtr*)(_t709 + 0x31));
                                                  																	 *_t419 =  *_t419 + _t419;
                                                  																	goto L43;
                                                  																} else {
                                                  																	 *_t419 =  *_t419 + _t419;
                                                  																	_t574 = _t574 |  *(_t709 + 0x58);
                                                  																	 *_t419 =  *_t419 + _t419;
                                                  																	L31:
                                                  																	_push(es);
                                                  																	L32:
                                                  																	 *_t704 =  *_t704 + _t419;
                                                  																	if( *_t704 >= 0) {
                                                  																		L43:
                                                  																		 *_t719 =  *_t719 + _t419;
                                                  																		 *((intOrPtr*)(_t574 + 0x6f0a0000)) =  *((intOrPtr*)(_t574 + 0x6f0a0000)) - _t574;
                                                  																		asm("scasd");
                                                  																		 *_t419 =  *_t419 + _t419;
                                                  																		_t419 = _t419 |  *_t419;
                                                  																		goto L44;
                                                  																	} else {
                                                  																		 *_t419 =  *_t419 + _t419;
                                                  																		_t574 = _t574 |  *(_t709 + 0x5a);
                                                  																		 *_t419 =  *_t419 + _t419;
                                                  																		_push(es);
                                                  																		L34:
                                                  																		 *_t704 =  *_t704 + _t419;
                                                  																		if( *_t704 >= 0) {
                                                  																			L44:
                                                  																			 *_t704 =  *_t704 + _t419;
                                                  																			asm("outsd");
                                                  																			 *_t574 =  *_t574 ^ _t419;
                                                  																			 *_t719 =  *_t719 + _t419;
                                                  																			_t787 =  *_t719;
                                                  																			_pop(ds);
                                                  																			if(_t787 >= 0) {
                                                  																				L48:
                                                  																				 *_t704 =  *_t704 + _t574;
                                                  																				 *_t704 =  *_t704 + _t419;
                                                  																				asm("outsd");
                                                  																				 *_t574 =  *_t574 ^ _t419;
                                                  																				 *_t719 =  *_t719 + _t419;
                                                  																				_pop(ds);
                                                  																				_t721 = _t721 - 1;
                                                  																				_pop(ds);
                                                  																				asm("adc dh, [ebx+0x6f]");
                                                  																				L49:
                                                  																				 *_t419 =  *_t419 + _t419;
                                                  																				 *_t419 =  *_t419 + _t419;
                                                  																				_t420 = _t419 |  *_t419;
                                                  																				_t574 = (_t574 |  *(_t709 + 0x70)) +  *((intOrPtr*)(_t709 + 0x31));
                                                  																				 *_t420 =  *_t420 + _t420;
                                                  																				ds = es;
                                                  																				_t421 = _t420 | 0x0000006f;
                                                  																				if (_t421 >= 0) goto L50;
                                                  																				 *_t704 =  *_t704 + _t574;
                                                  																				 *_t704 =  *_t704 + _t421;
                                                  																				asm("outsd");
                                                  																				 *_t574 =  *_t574 ^ _t421;
                                                  																				 *_t719 =  *_t719 + _t421;
                                                  																				 *(_t574 + 0x2800002d) =  *(_t574 + 0x2800002d) & _t574;
                                                  																				 *_t559 =  *_t559;
                                                  																				asm("outsd");
                                                  																				if ( *_t559 != 0) goto L51;
                                                  																				 *_t704 =  *_t704 + _t574;
                                                  																				 *_t704 =  *_t704 + _t421;
                                                  																				asm("outsd");
                                                  																				 *_t719 =  *_t719 + (_t421 ^  *_t574);
                                                  																				ss = es;
                                                  																				asm("outsd");
                                                  																				 *_t704 =  *_t704 + _t574;
                                                  																				 *_t704 =  *_t704;
                                                  																				asm("outsd");
                                                  																				_t419 = 0x00000000 ^  *_t574;
                                                  																			} else {
                                                  																				_push(_t739);
                                                  																				L46:
                                                  																				if(_t787 < 0) {
                                                  																					 *_t419 =  *_t419 + _t419;
                                                  																					 *_t419 =  *_t419 + _t419;
                                                  																					_t419 = _t419 |  *_t419;
                                                  																					_t574 = (_t574 |  *(_t709 + 0x69)) +  *((intOrPtr*)(_t709 + 0x31));
                                                  																					 *_t419 =  *_t419 + _t419;
                                                  																					_push(es);
                                                  																					 *(_t704 + 0x2800002d) =  *(_t704 + 0x2800002d) & _t419;
                                                  																					 *_t559 =  *_t559;
                                                  																					_push(es);
                                                  																					asm("outsd");
                                                  																					_push(0);
                                                  																					goto L48;
                                                  																				}
                                                  																			}
                                                  																		} else {
                                                  																			 *_t419 =  *_t419 + _t419;
                                                  																			_t574 = _t574 |  *(_t709 + 0x5c);
                                                  																			 *_t419 =  *_t419 + _t419;
                                                  																			_push(es);
                                                  																			goto L36;
                                                  																		}
                                                  																	}
                                                  																}
                                                  															}
                                                  														}
                                                  													}
                                                  												}
                                                  											}
                                                  										} else {
                                                  											 *_t419 =  *_t419 + _t419;
                                                  											_t573 = _t574 |  *(__edi + 0x3e);
                                                  											 *_t419 =  *_t419 + _t419;
                                                  											goto L8;
                                                  										}
                                                  									}
                                                  								}
                                                  							}
                                                  						}
                                                  					}
                                                  				}
                                                  				 *_t419 =  *_t419 + _t419;
                                                  				_push(es);
                                                  				 *(_t721 + 0x2800002d) =  *(_t721 + 0x2800002d) & _t574;
                                                  				 *_t559 =  *_t559;
                                                  				_push(es);
                                                  				_t419 = _t419 &  *_t419;
                                                  				_t43 = _t574 + _t419 * 2;
                                                  				 *_t43 =  *((intOrPtr*)(_t574 + _t419 * 2)) + _t704;
                                                  				_push(ss);
                                                  				asm("sbb [esi], edx");
                                                  				if( *_t43 >= 0) {
                                                  					goto L49;
                                                  				}
                                                  				 *_t419 =  *_t419 + _t419;
                                                  				 *_t419 =  *_t419 + _t419;
                                                  				_t424 = _t419 |  *_t419;
                                                  				_t577 = (_t574 |  *(_t709 - 0x53)) +  *((intOrPtr*)(_t709 + 0x33));
                                                  				 *_t424 =  *_t424 + _t424;
                                                  				_push(es);
                                                  				 *((intOrPtr*)(_t577 + 0x6f0a0000)) =  *((intOrPtr*)(_t577 + 0x6f0a0000)) - _t577;
                                                  				asm("scasd");
                                                  				 *_t424 =  *_t424 + _t424;
                                                  				_t425 = _t424 |  *_t424;
                                                  				_t578 = _t577 +  *((intOrPtr*)(_t709 + 0x33));
                                                  				 *_t425 =  *_t425 + _t425;
                                                  				ds = es;
                                                  				asm("insb");
                                                  				 *(0x73000000 + _t704) =  *(0x73000000 + _t704) & _t578;
                                                  				_push(0x6f0a0000);
                                                  				asm("outsd");
                                                  				_t427 =  *_t425 * 0x02000a00 ^  *_t578;
                                                  				 *_t719 =  *_t719 + _t427;
                                                  				_t560 = _t559 & _t704;
                                                  				_t429 = _t427 - 0x82280000 +  *((intOrPtr*)(_t427 - 0x82280000));
                                                  				_push(es);
                                                  				asm("outsd");
                                                  				 *_t704 =  *_t704 + _t578;
                                                  				 *_t704 =  *_t704 + _t429;
                                                  				asm("outsd");
                                                  				_t430 = _t429 ^  *_t578;
                                                  				 *_t719 =  *_t719 + _t430;
                                                  				ds = 0;
                                                  				ds = _t704;
                                                  				asm("adc dh, [ebx+0x6f]");
                                                  				do {
                                                  					 *_t430 =  *_t430 + _t430;
                                                  					 *_t430 =  *_t430 + _t430;
                                                  					_t431 = _t430 |  *_t430;
                                                  					 *_t431 =  *_t431 + _t431;
                                                  					ds = es;
                                                  					_t433 = _t431 | 0x0000716f |  *(_t431 | 0x0000716f);
                                                  					_t578 = (_t578 |  *(_t709 + 0x70)) +  *((intOrPtr*)(_t709 + 0x33)) +  *((intOrPtr*)(_t709 + 0x33));
                                                  					 *_t433 =  *_t433 + _t433;
                                                  					_push(es);
                                                  					_t704 = _t704 & _t560;
                                                  					_t435 = _t433 - 0x82280000 +  *((intOrPtr*)(_t433 - 0x82280000));
                                                  					_push(es);
                                                  					asm("outsd");
                                                  					if (_t435 != 0) goto L55;
                                                  					 *_t704 =  *_t704 + _t578;
                                                  					 *_t704 =  *_t704 + _t435;
                                                  					asm("outsd");
                                                  					asm("outsd");
                                                  					 *_t704 =  *_t704 + _t578;
                                                  					 *_t704 =  *_t704;
                                                  					asm("outsd");
                                                  					_push(es);
                                                  					_t430 = 0x20060001 +  *((intOrPtr*)(0x20060001)) &  *(0x20060001 +  *((intOrPtr*)(0x20060001)));
                                                  					_t57 = _t578 + _t430 * 2;
                                                  					 *_t57 =  *((intOrPtr*)(_t578 + _t430 * 2)) + _t704;
                                                  					_push(ss);
                                                  					asm("sbb [esi], edx");
                                                  				} while ( *_t57 >= 0);
                                                  				 *_t430 =  *_t430;
                                                  				 *_t430 =  *_t430;
                                                  				_t440 = _t430 |  *_t430;
                                                  				_t582 = (_t578 |  *(_t709 - 0x53)) +  *((intOrPtr*)(_t709 + 0x35));
                                                  				 *_t440 =  *_t440 + _t440;
                                                  				_push(es);
                                                  				 *((intOrPtr*)(_t582 + 0x6f0a0000)) =  *((intOrPtr*)(_t582 + 0x6f0a0000)) - _t582;
                                                  				asm("scasd");
                                                  				 *_t440 =  *_t440;
                                                  				_t441 = _t440 |  *_t440;
                                                  				 *_t441 =  *_t441 + _t441;
                                                  				ds = es;
                                                  				_t740 = _t739 + 1;
                                                  				 *(_t441 + _t441 + 0x68730000) =  *(_t441 + _t441 + 0x68730000) & _t441;
                                                  				 *_t441 =  *_t441;
                                                  				 *_t441 =  *_t441;
                                                  				_t442 = _t441 |  *_t441;
                                                  				 *_t442 =  *_t442 + _t442;
                                                  				_push(es);
                                                  				_t586 = (_t582 +  *((intOrPtr*)(_t709 + 0x35)) |  *(_t709 + 0x69)) +  *((intOrPtr*)(_t709 + 0x35)) & 0x00000000;
                                                  				_push(es);
                                                  				asm("outsd");
                                                  				_push(0);
                                                  				 *_t704 =  *_t704 + _t586;
                                                  				 *_t704 =  *_t704;
                                                  				asm("outsd");
                                                  				_t445 = _t442 - 0x82280000 +  *((intOrPtr*)(_t442 - 0x82280000)) ^ 0x1f060001;
                                                  				if(_t445 == 0) {
                                                  					asm("adc dh, [ebx+0x6f]");
                                                  					L58:
                                                  					 *_t445 =  *_t445 + _t445;
                                                  					 *_t445 =  *_t445 + _t445;
                                                  					_t450 = _t445 |  *_t445;
                                                  					_t586 = (_t586 |  *(_t709 + 0x70)) +  *((intOrPtr*)(_t709 + 0x35));
                                                  					 *_t450 =  *_t450 + _t450;
                                                  					ds = es;
                                                  					_push(cs);
                                                  					asm("outsd");
                                                  					if ( *_t450 >= 0) goto L59;
                                                  					 *_t704 =  *_t704 + _t586;
                                                  					 *_t704 =  *_t704 + _t450;
                                                  					asm("outsd");
                                                  					_t445 = _t450 ^ 0x20060001;
                                                  				}
                                                  				_push(es);
                                                  				_t448 = (_t445 & _t586) - 0x82280000 +  *((intOrPtr*)((_t445 & _t586) - 0x82280000));
                                                  				_push(es);
                                                  				asm("outsd");
                                                  				if (_t448 != 0) goto L61;
                                                  				 *_t704 =  *_t704 + _t586;
                                                  				 *_t704 =  *_t704 + _t448;
                                                  				asm("outsd");
                                                  				asm("aaa");
                                                  				 *_t448 =  *_t448 + _t448;
                                                  				ss = es;
                                                  				asm("outsd");
                                                  				 *_t704 =  *_t704 + _t586;
                                                  				 *_t704 =  *_t704;
                                                  				asm("outsd");
                                                  				asm("aaa");
                                                  				 *0 =  *0;
                                                  				_push(es);
                                                  				 *0xFFFFFFFFAA28002D =  *0xFFFFFFFFAA28002D & _t586;
                                                  				 *_t560 =  *_t560;
                                                  				_push(es);
                                                  				_t445 = 0x00000000 &  *0;
                                                  				_t76 = _t586 + _t445 * 2;
                                                  				 *_t76 =  *((intOrPtr*)(_t586 + _t445 * 2)) + _t704;
                                                  				_push(ss);
                                                  				asm("sbb [esi], edx");
                                                  				if( *_t76 >= 0) {
                                                  					goto L58;
                                                  				}
                                                  				 *_t445 =  *_t445;
                                                  				 *_t445 =  *_t445;
                                                  				_t451 = _t445 |  *_t445;
                                                  				_t589 = (_t586 |  *(_t709 - 0x53)) +  *((intOrPtr*)(_t709 + 0x37));
                                                  				 *_t451 =  *_t451 + _t451;
                                                  				 *((intOrPtr*)(_t589 + 0x6f0a0000)) =  *((intOrPtr*)(_t589 + 0x6f0a0000)) - _t589;
                                                  				asm("scasd");
                                                  				 *_t451 =  *_t451;
                                                  				_t452 = _t451 |  *_t451;
                                                  				 *_t452 =  *_t452 + _t452;
                                                  				ds = es;
                                                  				_t591 = _t589 +  *((intOrPtr*)(_t709 + 0x37)) - 1;
                                                  				ds = es;
                                                  				if(_t591 >= 0) {
                                                  					_push(0x6f0a0000);
                                                  					_t553 =  *_t452 * 0x2000a00;
                                                  					asm("outsd");
                                                  					asm("aaa");
                                                  					 *_t553 =  *_t553 + _t553;
                                                  					_push(es);
                                                  					_t455 = (_t553 & _t560) - 0x82280000 +  *((intOrPtr*)((_t553 & _t560) - 0x82280000));
                                                  					_push(es);
                                                  					asm("outsd");
                                                  					_push(0);
                                                  					 *_t704 =  *_t704 + _t591;
                                                  					 *_t704 =  *_t704;
                                                  					asm("outsd");
                                                  					asm("aaa");
                                                  					 *_t455 =  *_t455 + _t455;
                                                  					ds = es;
                                                  					if( *_t455 == 0) {
                                                  						asm("adc dh, [ebx+0x6f]");
                                                  						L65:
                                                  						 *_t454 =  *_t454 + _t454;
                                                  						 *_t454 =  *_t454 + _t454;
                                                  						_t455 = _t454 |  *_t454;
                                                  						_t591 = (_t591 |  *(_t709 + 0x70)) +  *((intOrPtr*)(_t709 + 0x37));
                                                  						 *_t455 =  *_t455 + _t455;
                                                  						ds = es;
                                                  						asm("movq mm6, [ecx]");
                                                  						 *_t704 =  *_t704 + _t591;
                                                  						 *_t704 =  *_t704 + _t455;
                                                  						asm("outsd");
                                                  						asm("aaa");
                                                  						 *_t455 =  *_t455 + _t455;
                                                  					}
                                                  					_push(es);
                                                  					_t560 = _t560 & _t455;
                                                  					_t457 = _t455 - 0x82280000 +  *((intOrPtr*)(_t455 - 0x82280000));
                                                  					asm("outsd");
                                                  					if (_t457 != 0) goto L67;
                                                  					 *_t704 =  *_t704 + _t591;
                                                  					 *_t704 =  *_t704 + _t457;
                                                  					asm("outsd");
                                                  					 *_t719 =  *_t719 + _t457;
                                                  					ss = es;
                                                  					asm("outsd");
                                                  					_t452 = 0;
                                                  					 *_t704 =  *_t704 + _t591;
                                                  					 *_t704 =  *_t704;
                                                  					asm("outsd");
                                                  					 *_t719 =  *_t719;
                                                  					 *0xFFFFFFFFAA28002D =  *0xFFFFFFFFAA28002D & _t591;
                                                  					 *_t560 =  *_t560;
                                                  				}
                                                  				_push(es);
                                                  				_t454 = _t452 +  *_t452 &  *(_t452 +  *_t452);
                                                  				_t89 = _t591 + _t454 * 2;
                                                  				 *_t89 =  *((intOrPtr*)(_t591 + _t454 * 2)) + _t704;
                                                  				_push(ss);
                                                  				asm("sbb [esi], edx");
                                                  				if( *_t89 >= 0) {
                                                  					goto L65;
                                                  				}
                                                  				 *_t454 =  *_t454 + _t454;
                                                  				 *_t454 =  *_t454 + _t454;
                                                  				_t458 = _t454 |  *_t454;
                                                  				_t594 = (_t591 |  *(_t709 - 0x53)) +  *((intOrPtr*)(_t709 + 0x39));
                                                  				 *_t458 =  *_t458 + _t458;
                                                  				_push(es);
                                                  				 *((intOrPtr*)(_t594 + 0x6f0a0000)) =  *((intOrPtr*)(_t594 + 0x6f0a0000)) - _t594;
                                                  				asm("scasd");
                                                  				 *_t458 =  *_t458 + _t458;
                                                  				_t459 = _t458 |  *_t458;
                                                  				_t595 = _t594 +  *((intOrPtr*)(_t709 + 0x39));
                                                  				 *_t459 =  *_t459 + _t459;
                                                  				ds = es;
                                                  				_push(0x6f0a0000);
                                                  				_t460 =  *_t459 * 0x2000a00;
                                                  				asm("outsd");
                                                  				 *0x73000000 =  *0x73000000 + _t460;
                                                  				 *_t704 =  *_t704 & _t704;
                                                  				_t462 = _t460 - 0x82280000 +  *((intOrPtr*)(_t460 - 0x82280000));
                                                  				_push(es);
                                                  				asm("outsd");
                                                  				_push(0);
                                                  				 *_t704 =  *_t704 + _t595;
                                                  				 *_t704 =  *_t704 + _t462;
                                                  				asm("outsd");
                                                  				 *0x73000000 =  *0x73000000 + _t462;
                                                  				 *(_t560 + 0x1f000000) =  *(_t560 + 0x1f000000) & _t462;
                                                  				asm("adc dh, [ebx+0x6f]");
                                                  				do {
                                                  					 *_t462 =  *_t462 + _t462;
                                                  					 *_t462 =  *_t462 + _t462;
                                                  					_t463 = _t462 |  *_t462;
                                                  					 *_t463 =  *_t463 + _t463;
                                                  					ds = es;
                                                  					asm("adc [edi+0x71], ch");
                                                  					 *_t463 =  *_t463 + _t463;
                                                  					_t464 = _t463 |  *_t463;
                                                  					_t595 = (_t595 |  *(_t709 + 0x70)) +  *((intOrPtr*)(_t709 + 0x39)) +  *((intOrPtr*)(_t709 + 0x39));
                                                  					 *_t464 =  *_t464 + _t464;
                                                  					_push(es);
                                                  					 *_t595 =  *_t595 & _t560;
                                                  					_t466 = _t464 - 0x82280000 +  *((intOrPtr*)(_t464 - 0x82280000));
                                                  					asm("outsd");
                                                  					if (_t466 != 0) goto L71;
                                                  					 *_t704 =  *_t704 + _t595;
                                                  					 *_t704 =  *_t704 + _t466;
                                                  					asm("outsd");
                                                  					 *0x73000000 =  *0x73000000 + _t466;
                                                  					ss = es;
                                                  					asm("outsd");
                                                  					 *_t704 =  *_t704 + _t595;
                                                  					 *_t704 =  *_t704;
                                                  					asm("outsd");
                                                  					 *0x73000000 =  *0x73000000;
                                                  					 *0xFFFFFFFFAA28002D =  *0xFFFFFFFFAA28002D & _t595;
                                                  					 *_t560 =  *_t560;
                                                  					_push(es);
                                                  					_t462 = 0x00000000 &  *0;
                                                  					_t105 = _t595 + _t462 * 2;
                                                  					 *_t105 =  *((intOrPtr*)(_t595 + _t462 * 2)) + _t704;
                                                  					_push(ss);
                                                  					asm("sbb [esi], edx");
                                                  				} while ( *_t105 >= 0);
                                                  				 *_t462 =  *_t462;
                                                  				 *_t462 =  *_t462;
                                                  				_t468 = _t462 |  *_t462;
                                                  				_t599 = (_t595 |  *(_t709 - 0x53)) +  *((intOrPtr*)(_t709 + 0x3b));
                                                  				 *_t468 =  *_t468 + _t468;
                                                  				_push(es);
                                                  				 *((intOrPtr*)(_t599 + 0x6f0a0000)) =  *((intOrPtr*)(_t599 + 0x6f0a0000)) - _t599;
                                                  				asm("scasd");
                                                  				 *_t468 =  *_t468;
                                                  				_t469 = _t468 |  *_t468;
                                                  				_t600 = _t599 +  *((intOrPtr*)(_t709 + 0x3b));
                                                  				 *_t469 =  *_t469 + _t469;
                                                  				ds = es;
                                                  				 *_t469 =  *_t469;
                                                  				if( *_t469 < 0) {
                                                  					 *_t469 =  *_t469;
                                                  					 *_t469 =  *_t469;
                                                  					_t551 = _t469 |  *_t469;
                                                  					_t601 = (_t600 |  *(_t709 + 0x69)) +  *((intOrPtr*)(_t709 + 0x3b));
                                                  					 *_t551 =  *_t551 + _t551;
                                                  					_push(es);
                                                  					 *_t704 =  *_t704 & _t601;
                                                  					_t470 = _t551 - 0x82280000 +  *((intOrPtr*)(_t551 - 0x82280000));
                                                  					_push(es);
                                                  					asm("outsd");
                                                  					_push(0);
                                                  					 *_t704 =  *_t704 + _t601;
                                                  					 *_t704 =  *_t704;
                                                  					asm("outsd");
                                                  					 *0x73000000 =  *0x73000000;
                                                  					 *(_t704 + 0x1f000000) =  *(_t704 + 0x1f000000) & 0x00000000;
                                                  					asm("adc dh, [ebx+0x6f]");
                                                  					L74:
                                                  					 *_t470 =  *_t470 + _t470;
                                                  					 *_t470 =  *_t470 + _t470;
                                                  					_t471 = _t470 |  *_t470;
                                                  					 *_t471 =  *_t471 + _t471;
                                                  					ds = es;
                                                  					asm("adc [edi+0x71], ebp");
                                                  					 *_t471 =  *_t471 + _t471;
                                                  					_t472 = _t471 |  *_t471;
                                                  					_t600 = (_t601 |  *(_t709 + 0x70)) +  *((intOrPtr*)(_t709 + 0x3b)) +  *((intOrPtr*)(_t709 + 0x3b));
                                                  					 *_t472 =  *_t472 + _t472;
                                                  					_push(es);
                                                  					 *_t600 =  *_t600 & _t704;
                                                  					_t474 = _t472 - 0x82280000 +  *((intOrPtr*)(_t472 - 0x82280000));
                                                  					_push(es);
                                                  					asm("outsd");
                                                  					if (_t474 != 0) goto L75;
                                                  					 *_t704 =  *_t704 + _t600;
                                                  					 *_t704 =  *_t704 + _t474;
                                                  					asm("outsd");
                                                  					asm("outsd");
                                                  					_t469 = 0;
                                                  					 *_t704 =  *_t704 + _t600;
                                                  					 *_t704 =  *_t704;
                                                  				}
                                                  				_t601 = _t600 +  *((intOrPtr*)(_t709 + 0x3d));
                                                  				 *_t469 =  *_t469 + _t469;
                                                  				_push(es);
                                                  				 *0xFFFFFFFFAA28002D =  *0xFFFFFFFFAA28002D & _t601;
                                                  				 *_t560 =  *_t560;
                                                  				_push(es);
                                                  				_t470 = _t469 &  *_t469;
                                                  				_t124 = _t601 + _t470 * 2;
                                                  				 *_t124 =  *((intOrPtr*)(_t601 + _t470 * 2)) + _t704;
                                                  				_push(ss);
                                                  				asm("sbb [esi], edx");
                                                  				if( *_t124 >= 0) {
                                                  					goto L74;
                                                  				}
                                                  				 *_t470 =  *_t470 + _t470;
                                                  				 *_t470 =  *_t470 + _t470;
                                                  				_t475 = _t470 |  *_t470;
                                                  				_t605 = (_t601 |  *(_t709 - 0x53)) +  *((intOrPtr*)(_t709 + 0x3d));
                                                  				 *_t475 =  *_t475 + _t475;
                                                  				_push(es);
                                                  				 *((intOrPtr*)(_t605 + 0x6f0a0000)) =  *((intOrPtr*)(_t605 + 0x6f0a0000)) - _t605;
                                                  				asm("scasd");
                                                  				 *_t475 =  *_t475 + _t475;
                                                  				_t476 = _t475 |  *_t475;
                                                  				 *_t476 =  *_t476 + _t476;
                                                  				ds = es;
                                                  				_t723 = 0xffffffff82280001;
                                                  				 *0x73000000 =  *0x73000000 & _t476;
                                                  				 *_t476 =  *_t476 + _t476;
                                                  				 *((intOrPtr*)(_t560 + 0x68)) =  *((intOrPtr*)(_t560 + 0x68)) + _t704;
                                                  				 *_t476 =  *_t476 + _t476;
                                                  				 *_t476 =  *_t476 + _t476;
                                                  				_t477 = _t476 |  *_t476;
                                                  				_t608 = (_t605 +  *((intOrPtr*)(_t709 + 0x3d)) |  *(_t709 + 0x69)) +  *((intOrPtr*)(_t709 + 0x3d));
                                                  				 *_t477 =  *_t477 + _t477;
                                                  				_push(es);
                                                  				 *_t704 =  *_t704 & _t477;
                                                  				_t479 = _t477 - 0x82280000 +  *((intOrPtr*)(_t477 - 0x82280000));
                                                  				_push(es);
                                                  				asm("outsd");
                                                  				_push(0);
                                                  				 *_t704 =  *_t704 + _t608;
                                                  				 *_t704 =  *_t704 + _t479;
                                                  				asm("outsd");
                                                  				if(_t479 < 0x1f060001) {
                                                  					asm("adc dh, [ebx+0x6f]");
                                                  					 *_t479 =  *_t479 + _t479;
                                                  					 *_t479 =  *_t479 + _t479;
                                                  					_t483 = _t479 |  *_t479;
                                                  					_t610 = (_t608 |  *(_t709 + 0x70)) +  *((intOrPtr*)(_t709 + 0x3d));
                                                  					 *_t483 =  *_t483 + _t483;
                                                  					L79:
                                                  					 *0x73000000 =  *0x73000000 + _t483;
                                                  					_pop(ds);
                                                  					asm("adc ch, [edi+0x71]");
                                                  					 *_t483 =  *_t483 + _t483;
                                                  					_t479 = _t483 |  *_t483;
                                                  					_t608 = _t610 +  *((intOrPtr*)(_t709 + 0x3d));
                                                  					 *_t479 =  *_t479 + _t479;
                                                  				}
                                                  				_push(es);
                                                  				 *_t608 =  *_t608 & _t608;
                                                  				_t481 = _t479 - 0x82280000 +  *((intOrPtr*)(_t479 - 0x82280000));
                                                  				_push(es);
                                                  				asm("outsd");
                                                  				if (_t481 != 0) goto L81;
                                                  				 *_t704 =  *_t704 + _t608;
                                                  				 *_t704 =  *_t704 + _t481;
                                                  				asm("outsd");
                                                  				asm("aas");
                                                  				 *_t481 =  *_t481 + _t481;
                                                  				ss = es;
                                                  				asm("outsd");
                                                  				 *_t608 =  *_t608 + 0x2000a00;
                                                  				asm("outsd");
                                                  				_t609 = _t608 + 1;
                                                  				 *_t481 =  *_t481 + _t481;
                                                  				ss = es;
                                                  				asm("outsd");
                                                  				 *_t704 =  *_t704 + _t609;
                                                  				 *_t704 =  *_t704;
                                                  				asm("outsd");
                                                  				_t610 = _t609 + 1;
                                                  				 *0 =  *0;
                                                  				_push(es);
                                                  				 *(_t723 + 0x2800002d) =  *(_t723 + 0x2800002d) & _t610;
                                                  				 *_t560 =  *_t560;
                                                  				_push(es);
                                                  				_t483 = 0x00000000 &  *0;
                                                  				_t142 = _t610 + _t483 * 2;
                                                  				 *_t142 =  *((intOrPtr*)(_t610 + _t483 * 2)) + _t704;
                                                  				_push(ss);
                                                  				asm("sbb [esi], edx");
                                                  				if( *_t142 >= 0) {
                                                  					goto L79;
                                                  				}
                                                  				 *_t483 =  *_t483;
                                                  				 *_t483 =  *_t483;
                                                  				_t484 = _t483 |  *_t483;
                                                  				_t612 = (_t610 |  *(_t709 - 0x53)) +  *((intOrPtr*)(_t709 + 0x41));
                                                  				 *_t484 =  *_t484 + _t484;
                                                  				_push(es);
                                                  				 *((intOrPtr*)(_t612 + 0x6f0a0000)) =  *((intOrPtr*)(_t612 + 0x6f0a0000)) - _t612;
                                                  				asm("scasd");
                                                  				 *_t484 =  *_t484;
                                                  				_t485 = _t484 |  *_t484;
                                                  				_t613 = _t612 +  *((intOrPtr*)(_t709 + 0x41));
                                                  				 *_t485 =  *_t485 + _t485;
                                                  				ds = es;
                                                  				asm("pushad");
                                                  				 *(_t613 + _t485) =  *(_t613 + _t485) & _t613;
                                                  				 *_t485 =  *_t485;
                                                  				if( *_t485 < 0) {
                                                  					 *_t485 =  *_t485;
                                                  					 *_t485 =  *_t485;
                                                  					_t486 = _t485 |  *_t485;
                                                  					_t696 = (_t613 |  *(_t709 + 0x69)) +  *((intOrPtr*)(_t709 + 0x41));
                                                  					 *_t486 =  *_t486 + _t486;
                                                  					 *(_t696 + 0x2d) =  *(_t696 + 0x2d) & _t560;
                                                  					 *_t486 =  *_t486;
                                                  					 *((intOrPtr*)(_t704 + 0x6f060003)) =  *((intOrPtr*)(_t704 + 0x6f060003));
                                                  					 *_t704 =  *_t704 + _t696;
                                                  					 *_t704 =  *_t704;
                                                  					asm("outsd");
                                                  					_t613 = _t696 + 1;
                                                  					 *_t486 =  *_t486 + _t486;
                                                  					ds = es;
                                                  					0x73000000 = 0;
                                                  					ds = es;
                                                  					asm("adc dh, [ebx+0x6f]");
                                                  					L84:
                                                  					 *_t486 =  *_t486 + _t486;
                                                  					 *_t486 =  *_t486 + _t486;
                                                  					_t487 = _t486 |  *_t486;
                                                  					 *_t487 =  *_t487 + _t487;
                                                  					ds = es;
                                                  					asm("sbb ebp, [edi+0x71]");
                                                  					 *_t487 =  *_t487 + _t487;
                                                  					_t488 = _t487 |  *_t487;
                                                  					_t613 = (_t613 |  *(_t709 + 0x70)) +  *((intOrPtr*)(_t709 + 0x41)) +  *((intOrPtr*)(_t709 + 0x41));
                                                  					 *_t488 =  *_t488 + _t488;
                                                  					_push(es);
                                                  					 *(_t488 + 0x2d) =  *(_t488 + 0x2d) & _t488;
                                                  					 *_t488 =  *_t488 + _t488;
                                                  					_t164 = _t704 + 0x6f060003;
                                                  					 *_t164 =  *((intOrPtr*)(_t704 + 0x6f060003)) - _t488;
                                                  					if ( *_t164 != 0) goto L85;
                                                  					 *_t704 =  *_t704 + _t613;
                                                  					 *_t704 =  *_t704 + _t488;
                                                  					asm("outsd");
                                                  					 *_t488 =  *_t488 + _t488;
                                                  					ss = es;
                                                  					asm("outsd");
                                                  					_t485 = 0;
                                                  					 *_t704 =  *_t704 + _t613;
                                                  					 *_t704 =  *_t704;
                                                  					asm("outsd");
                                                  					_t560 = _t560 + 2;
                                                  				}
                                                  				 *_t485 =  *_t485 + _t485;
                                                  				_push(es);
                                                  				 *(_t723 + 0x2800002d) =  *(_t723 + 0x2800002d) & _t613;
                                                  				 *_t560 =  *_t560;
                                                  				_push(es);
                                                  				_t486 = _t485 &  *_t485;
                                                  				_t168 = _t613 + _t486 * 2;
                                                  				 *_t168 =  *((intOrPtr*)(_t613 + _t486 * 2)) + _t704;
                                                  				_push(ss);
                                                  				asm("sbb [esi], edx");
                                                  				if( *_t168 >= 0) {
                                                  					goto L84;
                                                  				}
                                                  				 *_t486 =  *_t486 + _t486;
                                                  				 *_t486 =  *_t486 + _t486;
                                                  				_t489 = _t486 |  *_t486;
                                                  				_t617 = (_t613 |  *(_t709 - 0x53)) +  *((intOrPtr*)(_t709 + 0x43));
                                                  				 *_t489 =  *_t489 + _t489;
                                                  				 *((intOrPtr*)(_t617 + 0x6f0a0000)) =  *((intOrPtr*)(_t617 + 0x6f0a0000)) - _t617;
                                                  				asm("scasd");
                                                  				 *_t489 =  *_t489 + _t489;
                                                  				_t490 = _t489 |  *_t489;
                                                  				 *_t490 =  *_t490 + _t490;
                                                  				ds = es;
                                                  				_t710 = es;
                                                  				_t705 = _t704 & _t704;
                                                  				 *_t490 =  *_t490 + _t490;
                                                  				 *((intOrPtr*)(_t560 + 0x68)) =  *((intOrPtr*)(_t560 + 0x68)) + _t705;
                                                  				 *_t490 =  *_t490 + _t490;
                                                  				 *_t490 =  *_t490 + _t490;
                                                  				_t491 = _t490 |  *_t490;
                                                  				_t620 = (_t617 +  *((intOrPtr*)(_t709 + 0x43)) |  *(_t710 + 0x69)) +  *((intOrPtr*)(_t710 + 0x43));
                                                  				 *_t491 =  *_t491 + _t491;
                                                  				 *(_t560 + 0x2d) =  *(_t560 + 0x2d) & _t620;
                                                  				 *_t491 =  *_t491 + _t491;
                                                  				 *((intOrPtr*)(_t705 + 0x6f060003)) =  *((intOrPtr*)(_t705 + 0x6f060003)) - _t491;
                                                  				 *_t705 =  *_t705 + _t620;
                                                  				 *_t705 =  *_t705 + _t491;
                                                  				asm("outsd");
                                                  				_t562 = _t560 + 1;
                                                  				 *_t491 =  *_t491 + _t491;
                                                  				ds = es;
                                                  				_t711 = 0;
                                                  				ds = es;
                                                  				asm("adc dh, [ebx+0x6f]");
                                                  				 *_t491 =  *_t491 + _t491;
                                                  				 *_t491 =  *_t491 + _t491;
                                                  				_t492 = _t491 |  *_t491;
                                                  				 *_t492 =  *_t492 + _t492;
                                                  				ds = es;
                                                  				asm("sbb ch, [edi+0x71]");
                                                  				 *_t492 =  *_t492 + _t492;
                                                  				_t493 = _t492 |  *_t492;
                                                  				_t623 = (_t620 |  *(_t711 + 0x70)) +  *((intOrPtr*)(_t711 + 0x43)) +  *((intOrPtr*)(_t711 + 0x43));
                                                  				 *_t493 =  *_t493 + _t493;
                                                  				_push(es);
                                                  				 *(_t705 + 0x2d) =  *(_t705 + 0x2d) & _t705;
                                                  				 *_t493 =  *_t493 + _t493;
                                                  				_t190 = _t705 + 0x6f060003;
                                                  				 *_t190 =  *((intOrPtr*)(_t705 + 0x6f060003)) - _t493;
                                                  				if ( *_t190 != 0) goto L88;
                                                  				 *_t705 =  *_t705 + _t623;
                                                  				 *_t705 =  *_t705 + _t493;
                                                  				asm("outsd");
                                                  				_t724 = _t723 + 1;
                                                  				 *_t493 =  *_t493 + _t493;
                                                  				_push(es);
                                                  				_t494 = _t493 & _t493;
                                                  				 *_t494 =  *_t494 + _t494;
                                                  				 *_t711 =  *_t711 + _t562;
                                                  				_push(_t740);
                                                  				if( *_t711 < 0) {
                                                  					 *_t494 =  *_t494 + _t494;
                                                  					 *_t494 =  *_t494 + _t494;
                                                  					_t550 = _t494 |  *_t494;
                                                  					_t693 = (_t623 |  *(_t711 + 0x69)) +  *((intOrPtr*)(_t711 + 0x45));
                                                  					 *_t550 =  *_t550 + _t550;
                                                  				}
                                                  				if( *_t515 < 0) {
                                                  					 *_t515 =  *_t515 + _t515;
                                                  					 *_t515 =  *_t515 + _t515;
                                                  					_t517 = _t515 |  *_t515;
                                                  					_t641 = (_t641 | _t714[0x1a]) + _t714[0x15];
                                                  					 *_t517 =  *_t517 + _t517;
                                                  					_push(es);
                                                  					_t565 = _t565 & _t705;
                                                  					 *[cs:eax] =  *[cs:eax] + _t517;
                                                  					 *((intOrPtr*)(_t705 + 0x6f060003)) =  *((intOrPtr*)(_t705 + 0x6f060003)) - _t517;
                                                  					_push(0);
                                                  					 *_t705 =  *_t705 + _t641;
                                                  					 *_t705 =  *_t705 + _t517;
                                                  					asm("outsd");
                                                  					_push(_t729);
                                                  					 *_t517 =  *_t517 + _t517;
                                                  					ss = es;
                                                  					asm("outsd");
                                                  					if ( *_t517 < 0) goto L117;
                                                  					 *_t705 =  *_t705 + _t641;
                                                  					 *_t705 =  *_t705 + _t517;
                                                  					asm("outsd");
                                                  					 *_t517 =  *_t517 + _t517;
                                                  					ds = es;
                                                  					ds = _t729;
                                                  					asm("adc al, 0x73");
                                                  					asm("outsd");
                                                  					L118:
                                                  					 *_t517 =  *_t517 + _t517;
                                                  					 *_t517 =  *_t517 + _t517;
                                                  					_t515 = _t517 |  *_t517;
                                                  					_t641 = (_t641 | _t714[0x1c]) + _t714[0x15];
                                                  					 *_t515 =  *_t515 + _t515;
                                                  					ds = es;
                                                  					asm("daa");
                                                  					asm("outsd");
                                                  					if ( *_t515 >= 0) goto L119;
                                                  					 *_t705 =  *_t705 + _t641;
                                                  					 *_t705 =  *_t705 + _t515;
                                                  					asm("outsd");
                                                  					_push(_t729);
                                                  					 *_t515 =  *_t515 + _t515;
                                                  					_push(es);
                                                  					_t565 = _t565 & _t705;
                                                  					 *[cs:eax] =  *[cs:eax] + _t515;
                                                  					_t281 = _t705 + 0x6f060003;
                                                  					 *_t281 =  *((intOrPtr*)(_t705 + 0x6f060003)) - _t515;
                                                  					if ( *_t281 < 0) goto L120;
                                                  					 *_t705 =  *_t705 + _t641;
                                                  					 *_t705 =  *_t705 + _t515;
                                                  					asm("outsd");
                                                  					_push(_t714);
                                                  				}
                                                  				 *_t515 =  *_t515 + _t515;
                                                  				ss = es;
                                                  				asm("outsd");
                                                  				 *_t705 =  *_t705 + _t641;
                                                  				 *_t705 =  *_t705;
                                                  				asm("outsd");
                                                  				_push(_t714);
                                                  				 *0 =  *0;
                                                  				_push(es);
                                                  				 *(_t729 + 0x2800002d) =  *(_t729 + 0x2800002d) & _t641;
                                                  				 *_t565 =  *_t565;
                                                  				_push(es);
                                                  				_t517 = 0x00000000 &  *0;
                                                  				_t285 = _t641 + _t517 * 2;
                                                  				 *_t285 =  *((intOrPtr*)(_t641 + _t517 * 2)) + _t705;
                                                  				_push(ss);
                                                  				asm("sbb [esi], edx");
                                                  				if( *_t285 >= 0) {
                                                  					goto L118;
                                                  				}
                                                  				 *_t517 =  *_t517;
                                                  				 *_t517 =  *_t517;
                                                  				_t518 = _t517 |  *_t517;
                                                  				_t644 = (_t641 |  *(_t714 - 0x53)) + _t714[0x15];
                                                  				 *_t518 =  *_t518 + _t518;
                                                  				_push(es);
                                                  				 *((intOrPtr*)(_t644 + 0x6f0a0000)) =  *((intOrPtr*)(_t644 + 0x6f0a0000)) - _t644;
                                                  				asm("scasd");
                                                  				 *_t518 =  *_t518;
                                                  				_t519 = _t518 |  *_t518;
                                                  				_t645 = _t644 + _t714[0x15];
                                                  				 *_t519 =  *_t519 + _t519;
                                                  				ds = es;
                                                  				if( *_t519 * 0x140 < 0) {
                                                  					 *_t519 =  *_t519;
                                                  					 *_t519 =  *_t519;
                                                  					_t541 = _t519 |  *_t519;
                                                  					 *_t541 =  *_t541 + _t541;
                                                  					_push(es);
                                                  					_t672 = (_t645 | _t714[0x1a]) + _t714[0x15] & _t541;
                                                  					 *[cs:eax] =  *[cs:eax];
                                                  					 *((intOrPtr*)(_t705 + 0x6f060003)) =  *((intOrPtr*)(_t705 + 0x6f060003));
                                                  					_push(0);
                                                  					 *_t705 =  *_t705 + _t672;
                                                  					 *_t705 =  *_t705;
                                                  					asm("outsd");
                                                  					_push(_t714);
                                                  					 *_t541 =  *_t541 + _t541;
                                                  					ds = es;
                                                  					ds = _t729;
                                                  					asm("adc dh, [ebx+0x6f]");
                                                  					 *_t541 =  *_t541;
                                                  					 *_t541 =  *_t541;
                                                  					_t542 = _t541 |  *_t541;
                                                  					_t674 = (_t672 | _t714[0x1c]) + _t714[0x15];
                                                  					 *_t542 =  *_t542 + _t542;
                                                  					ds = es;
                                                  					_t714[0x1c] = _t714[0x1c] - _t674;
                                                  					 *_t542 =  *_t542;
                                                  					_t543 = _t542 |  *_t542;
                                                  					 *_t543 =  *_t543 + _t543;
                                                  					_t676 = _t674 + _t714[0x15] & _t674 + _t714[0x15];
                                                  					 *[cs:eax] =  *[cs:eax];
                                                  					_t303 = _t705 + 0x6f060003;
                                                  					 *_t303 =  *((intOrPtr*)(_t705 + 0x6f060003));
                                                  					if ( *_t303 != 0) goto L124;
                                                  					 *_t705 =  *_t705 + _t676;
                                                  					 *_t705 =  *_t705;
                                                  					asm("outsd");
                                                  					_t645 = es;
                                                  					 *_t543 =  *_t543 + _t543;
                                                  					_push(es);
                                                  					_t519 = _t543 & 0x00000000;
                                                  					 *_t519 =  *_t519;
                                                  					 *_t519 =  *_t519 + _t519;
                                                  					 *[ds:eax] =  *[ds:eax] + _t519;
                                                  					_t305 = _t565 + 0x68;
                                                  					 *_t305 =  *((intOrPtr*)(_t565 + 0x68)) + _t705;
                                                  					_t867 =  *_t305;
                                                  				}
                                                  				if(_t867 < 0) {
                                                  					 *_t519 =  *_t519 + _t519;
                                                  					 *_t519 =  *_t519 + _t519;
                                                  					_t539 = _t519 |  *_t519;
                                                  					 *_t539 =  *_t539 + _t539;
                                                  					 *_t565 =  *_t565 & _t705;
                                                  					 *[cs:eax] =  *[cs:eax] + _t539;
                                                  					 *((intOrPtr*)(_t705 + 0x6f060003)) =  *((intOrPtr*)(_t705 + 0x6f060003)) - _t539;
                                                  					 *_t705 =  *_t705 + (_t645 | _t714[0x1a]) + _t714[0x16];
                                                  					 *_t705 =  *_t705 + _t539;
                                                  					asm("outsd");
                                                  					_t666 = 0;
                                                  					 *_t539 =  *_t539 + _t539;
                                                  					ss = es;
                                                  					asm("outsd");
                                                  					if ( *_t539 < 0) goto L127;
                                                  					 *_t705 =  *_t705 + _t666;
                                                  					 *_t705 =  *_t705 + _t539;
                                                  					asm("outsd");
                                                  					_t667 = es;
                                                  					 *_t539 =  *_t539 + _t539;
                                                  					ds = es;
                                                  					_pop(ds);
                                                  					asm("adc al, 0x73");
                                                  					asm("outsd");
                                                  					 *_t539 =  *_t539 + _t539;
                                                  					 *_t539 =  *_t539 + _t539;
                                                  					_t540 = _t539 |  *_t539;
                                                  					 *_t540 =  *_t540 + _t540;
                                                  					ds = es;
                                                  					_t714[0x1c] = _t714[0x1c] - _t729;
                                                  					 *_t540 =  *_t540 + _t540;
                                                  					_t519 = _t540 |  *_t540;
                                                  					_t645 = (_t667 | _t714[0x1c]) + _t714[0x16] + _t714[0x16];
                                                  					 *_t519 =  *_t519 + _t519;
                                                  					 *_t565 =  *_t565 & _t705;
                                                  					 *[cs:eax] =  *[cs:eax] + _t519;
                                                  					_t316 = _t705 + 0x6f060003;
                                                  					 *_t316 =  *((intOrPtr*)(_t705 + 0x6f060003)) - _t519;
                                                  					if ( *_t316 < 0) goto L128;
                                                  					 *_t705 =  *_t705 + _t645;
                                                  					 *_t705 =  *_t705 + _t519;
                                                  					asm("outsd");
                                                  					_t565 = es;
                                                  				}
                                                  				 *_t519 =  *_t519 + _t519;
                                                  				_t520 = _t519 & _t519;
                                                  				 *_t520 =  *_t520 + _t520;
                                                  				 *_t520 =  *_t520 + _t520;
                                                  				_t521 = es;
                                                  				 *_t521 =  *_t521 + _t521;
                                                  				 *((intOrPtr*)(_t565 + 0x68)) =  *((intOrPtr*)(_t565 + 0x68)) + _t705;
                                                  				 *_t521 =  *_t521 + _t521;
                                                  				 *_t521 =  *_t521 + _t521;
                                                  				_t522 = _t521 |  *_t521;
                                                  				_t647 = (_t645 | _t714[0x1a]) + _t714[0x16];
                                                  				 *_t522 =  *_t522 + _t522;
                                                  				 *_t647 =  *_t647 & _t565;
                                                  				 *[cs:eax] =  *[cs:eax] + _t522;
                                                  				 *((intOrPtr*)(_t705 + 0x6f060003)) =  *((intOrPtr*)(_t705 + 0x6f060003)) - _t522;
                                                  				 *_t705 =  *_t705 + _t647;
                                                  				 *_t705 =  *_t705 + _t522;
                                                  				asm("outsd");
                                                  				 *_t522 =  *_t522 + _t522;
                                                  				ss = es;
                                                  				asm("outsd");
                                                  				if ( *_t522 < 0) goto L130;
                                                  				 *_t705 =  *_t705 + _t647;
                                                  				 *_t705 =  *_t705 + _t522;
                                                  				asm("outsd");
                                                  				_t567 = 0;
                                                  				 *_t522 =  *_t522 + _t522;
                                                  				ds = es;
                                                  				ds = es;
                                                  				asm("adc al, 0x73");
                                                  				asm("outsd");
                                                  				do {
                                                  					 *_t522 =  *_t522 + _t522;
                                                  					 *_t522 =  *_t522 + _t522;
                                                  					_t523 = _t522 |  *_t522;
                                                  					 *_t523 =  *_t523 + _t523;
                                                  					ds = es;
                                                  					 *_t523 =  *_t523 + _t523;
                                                  					_t524 = _t523 |  *_t523;
                                                  					_t647 = (_t647 | _t714[0x1c]) + _t714[0x16] - _t714[0x1c] + _t714[0x16];
                                                  					 *_t524 =  *_t524 + _t524;
                                                  					 *_t647 =  *_t647 & _t567;
                                                  					 *[cs:eax] =  *[cs:eax] + _t524;
                                                  					_t328 = _t705 + 0x6f060003;
                                                  					 *_t328 =  *((intOrPtr*)(_t705 + 0x6f060003)) - _t524;
                                                  					if ( *_t328 < 0) goto L132;
                                                  					 *_t705 =  *_t705 + _t647;
                                                  					 *_t705 =  *_t705 + _t524;
                                                  					asm("outsd");
                                                  					 *_t524 =  *_t524 + _t524;
                                                  					ss = es;
                                                  					asm("outsd");
                                                  					 *_t705 =  *_t705 + _t647;
                                                  					 *_t705 =  *_t705;
                                                  					asm("outsd");
                                                  					_t731 = es;
                                                  					 *0 =  *0;
                                                  					_push(es);
                                                  					 *(_t731 + 0x2800002d) =  *(_t731 + 0x2800002d) & _t647;
                                                  					 *_t567 =  *_t567;
                                                  					_push(es);
                                                  					_t522 = 0x00000000 &  *0;
                                                  					_t332 = _t647 + _t522 * 2;
                                                  					 *_t332 =  *((intOrPtr*)(_t647 + _t522 * 2)) + _t705;
                                                  					_push(ss);
                                                  					asm("sbb [esi], edx");
                                                  				} while ( *_t332 >= 0);
                                                  				 *_t522 =  *_t522;
                                                  				 *_t522 =  *_t522;
                                                  				_t526 = _t522 |  *_t522;
                                                  				_t652 = (_t647 |  *(_t714 - 0x53)) + _t714[0x17];
                                                  				 *_t526 =  *_t526 + _t526;
                                                  				_push(es);
                                                  				 *((intOrPtr*)(_t652 + 0x6f0a0000)) =  *((intOrPtr*)(_t652 + 0x6f0a0000)) - _t652;
                                                  				while(1) {
                                                  					asm("outsd");
                                                  					asm("scasd");
                                                  					 *_t526 =  *_t526 + _t526;
                                                  					_t527 = _t526 |  *_t526;
                                                  					_t653 = _t652 + _t714[0x17];
                                                  					 *_t527 =  *_t527 + _t527;
                                                  					ds = es;
                                                  					_t743 =  *_t527 * 0x15a;
                                                  					if(_t743 >= 0) {
                                                  						break;
                                                  					}
                                                  					 *_t527 =  *_t527 + _t527;
                                                  					 *_t527 =  *_t527 + _t527;
                                                  					_t533 = _t527 |  *_t527;
                                                  					_t661 = (_t653 | _t714[0x1a]) + _t714[0x17];
                                                  					 *_t533 =  *_t533 + _t533;
                                                  					_push(es);
                                                  					 *_t714 =  *_t714 & _t567;
                                                  					 *[cs:eax] =  *[cs:eax] + _t533;
                                                  					 *((intOrPtr*)(_t705 + 0x6f060003)) =  *((intOrPtr*)(_t705 + 0x6f060003)) - _t533;
                                                  					_push(0);
                                                  					 *_t705 =  *_t705 + _t661;
                                                  					 *_t705 =  *_t705 + _t533;
                                                  					asm("outsd");
                                                  					 *_t533 =  *_t533 + _t533;
                                                  					ds = es;
                                                  					ds = _t743;
                                                  					asm("adc dh, [ebx+0x6f]");
                                                  					 *_t533 =  *_t533 + _t533;
                                                  					 *_t533 =  *_t533 + _t533;
                                                  					_t534 = _t533 |  *_t533;
                                                  					 *_t534 =  *_t534 + _t534;
                                                  					ds = es;
                                                  					 *_t534 =  *_t534 + _t534;
                                                  					_t535 = _t534 |  *_t534;
                                                  					_t652 = (_t661 | _t714[0x1c]) + _t714[0x17] + _t714[0x17];
                                                  					 *_t535 =  *_t535 + _t535;
                                                  					_push(es);
                                                  					 *_t714 =  *_t714 & _t535;
                                                  					 *[cs:eax] =  *[cs:eax] + _t535;
                                                  					_t349 = _t705 + 0x6f060003;
                                                  					 *_t349 =  *((intOrPtr*)(_t705 + 0x6f060003)) - _t535;
                                                  					if ( *_t349 != 0) goto L136;
                                                  					 *_t705 =  *_t705 + _t652;
                                                  					 *_t705 =  *_t705 + _t535;
                                                  					_t526 = (_t535 &  *_t535) + (_t535 &  *_t535) + 0x00000001 &  *((_t535 &  *_t535) + (_t535 &  *_t535) + 1);
                                                  					_t351 = _t526 + 0x41;
                                                  					 *_t351 =  *((intOrPtr*)(_t526 + 0x41)) + _t705;
                                                  					if( *_t351 >= 0) {
                                                  						continue;
                                                  					} else {
                                                  						 *_t526 =  *_t526 + _t526;
                                                  						_t653 = _t652 |  *_t526;
                                                  					}
                                                  					break;
                                                  				}
                                                  				_t714[0x28000] = _t714[0x28000] - _t527;
                                                  				 *((intOrPtr*)(_t527 + 0xa0000)) =  *((intOrPtr*)(_t527 + 0xa0000)) - _t653;
                                                  				 *((intOrPtr*)(_t705 +  *_t714)) =  *((intOrPtr*)(_t705 +  *_t714));
                                                  				asm("outsd");
                                                  				_t528 = _t527 +  *_t527;
                                                  				 *0 =  *0;
                                                  				 *_t528 =  *_t528 + _t528;
                                                  				asm("wait");
                                                  				 *_t528 =  *_t528 + _t528;
                                                  				 *((intOrPtr*)(_t567 + 0x6f)) =  *((intOrPtr*)(_t567 + 0x6f)) + 0xa0000;
                                                  				 *_t528 =  *_t528 + _t528;
                                                  				_t529 =  *_t528;
                                                  				 *0xa0000 =  *0xa0000;
                                                  				 *0xa0000 =  *0xa0000 + _t529;
                                                  				 *((intOrPtr*)(_t567 + 0x20a0000)) =  *((intOrPtr*)(_t567 + 0x20a0000));
                                                  				asm("outsd");
                                                  				_pop(_t732);
                                                  				 *_t529 =  *_t529 + _t529;
                                                  				asm("outsd");
                                                  				 *_t529 = es;
                                                  				 *0xa0000 =  *0xa0000;
                                                  				 *0xa0000 =  *0xa0000 + _t529;
                                                  				 *((intOrPtr*)(_t567 + 0x20a0000)) =  *((intOrPtr*)(_t567 + 0x20a0000));
                                                  				asm("outsd");
                                                  				_t568 = es;
                                                  				 *_t529 =  *_t529 + _t529;
                                                  				asm("outsd");
                                                  				 *_t529 = es;
                                                  				 *0xa0000 =  *0xa0000;
                                                  				 *0xa0000 =  *0xa0000 + _t529;
                                                  				 *((intOrPtr*)(_t568 + 0x20a0000)) =  *((intOrPtr*)(_t568 + 0x20a0000));
                                                  				asm("outsd");
                                                  				_t657 = es;
                                                  				 *_t529 =  *_t529 + _t529;
                                                  				_push(es);
                                                  				asm("outsd");
                                                  				 *_t529 = es;
                                                  				 *0xa0000 =  *0xa0000;
                                                  				 *0xa0000 =  *0xa0000 + _t529;
                                                  				 *((intOrPtr*)(_t568 + 0x20a0000)) =  *((intOrPtr*)(_t568 + 0x20a0000));
                                                  				asm("outsd");
                                                  				_push(_t714);
                                                  				 *_t529 =  *_t529 + _t529;
                                                  				_push(es);
                                                  				asm("outsd");
                                                  				 *_t529 = es;
                                                  				 *0xa0000 =  *0xa0000;
                                                  				 *0xa0000 =  *0xa0000 + _t529;
                                                  				 *((intOrPtr*)(_t568 + 0x20a0000)) =  *((intOrPtr*)(_t568 + 0x20a0000));
                                                  				asm("outsd");
                                                  				 *_t529 =  *_t529 + _t529;
                                                  				_push(es);
                                                  				asm("outsd");
                                                  				 *_t529 = es;
                                                  				 *0xa0000 =  *0xa0000;
                                                  				 *0xa0000 =  *0xa0000 + _t529;
                                                  				 *((intOrPtr*)(_t568 + 0x20a0000)) =  *((intOrPtr*)(_t568 + 0x20a0000));
                                                  				asm("outsd");
                                                  				_push(_t568);
                                                  				 *_t529 =  *_t529 + _t529;
                                                  				_push(es);
                                                  				asm("outsd");
                                                  				 *_t529 = es;
                                                  				 *0xa0000 =  *0xa0000;
                                                  				 *0xa0000 =  *0xa0000 + _t529;
                                                  				 *((intOrPtr*)(_t568 + 0x20a0000)) =  *((intOrPtr*)(_t568 + 0x20a0000));
                                                  				asm("outsd");
                                                  				_push(_t657);
                                                  				 *_t529 =  *_t529 + _t529;
                                                  				_push(es);
                                                  				asm("outsd");
                                                  				 *_t529 = es;
                                                  				 *0xa0000 =  *0xa0000;
                                                  				 *0xa0000 =  *0xa0000 + _t529;
                                                  				 *((intOrPtr*)(_t568 + 0x20a0000)) =  *((intOrPtr*)(_t568 + 0x20a0000));
                                                  				asm("outsd");
                                                  				 *_t529 =  *_t529 + _t529;
                                                  				_push(es);
                                                  				asm("outsd");
                                                  				 *_t529 = es;
                                                  				 *0xa0000 =  *0xa0000;
                                                  				 *0xa0000 =  *0xa0000 + _t529;
                                                  				 *((intOrPtr*)(_t568 + 0x20a0000)) =  *((intOrPtr*)(_t568 + 0x20a0000));
                                                  				asm("outsd");
                                                  				 *_t529 =  *_t529 + _t529;
                                                  				_push(es);
                                                  				asm("outsd");
                                                  				 *_t529 = es;
                                                  				 *0xa0000 =  *0xa0000;
                                                  				 *0xa0000 =  *0xa0000 + _t529;
                                                  				 *((intOrPtr*)(_t568 + 0x20a0000)) =  *((intOrPtr*)(_t568 + 0x20a0000));
                                                  				asm("outsd");
                                                  				_t569 = _t568 - 1;
                                                  				 *_t529 =  *_t529 + _t529;
                                                  				_push(es);
                                                  				asm("outsd");
                                                  				 *_t529 = es;
                                                  				 *0xa0000 =  *0xa0000;
                                                  				 *0xa0000 =  *0xa0000 + _t529;
                                                  				 *((intOrPtr*)(_t569 + 0x20a0000)) =  *((intOrPtr*)(_t569 + 0x20a0000));
                                                  				asm("outsd");
                                                  				 *_t529 =  *_t529 + _t529;
                                                  				_push(es);
                                                  				asm("outsd");
                                                  				 *_t529 = es;
                                                  				 *0xa0000 =  *0xa0000;
                                                  				 *0xa0000 =  *0xa0000 + _t529;
                                                  				 *((intOrPtr*)(_t569 + 0x20a0000)) =  *((intOrPtr*)(_t569 + 0x20a0000));
                                                  				asm("outsd");
                                                  				 *_t529 =  *_t529 + _t529;
                                                  				_push(es);
                                                  				asm("outsd");
                                                  				 *_t529 = es;
                                                  				 *0xa0000 =  *0xa0000;
                                                  				 *0xa0000 =  *0xa0000 + _t529;
                                                  				 *((intOrPtr*)(_t569 + 0x20a0000)) =  *((intOrPtr*)(_t569 + 0x20a0000));
                                                  				asm("outsd");
                                                  				 *_t529 =  *_t529 + _t529;
                                                  				_push(es);
                                                  				asm("outsd");
                                                  				 *_t529 = es;
                                                  				 *0xa0000 =  *0xa0000;
                                                  				 *0xa0000 =  *0xa0000 + _t529;
                                                  				 *((intOrPtr*)(_t569 + 0x20a0000)) =  *((intOrPtr*)(_t569 + 0x20a0000));
                                                  				asm("outsd");
                                                  				_t659 = _t657 - 1 + 1;
                                                  				 *_t529 =  *_t529 + _t529;
                                                  				_push(es);
                                                  				asm("outsd");
                                                  				 *_t529 = es;
                                                  				 *0xa0000 =  *0xa0000;
                                                  				 *0xa0000 =  *0xa0000 + _t529;
                                                  				 *((intOrPtr*)(_t569 + 0x20a0000)) =  *((intOrPtr*)(_t569 + 0x20a0000));
                                                  				asm("outsd");
                                                  				_t570 = _t569 + 1;
                                                  				 *_t529 =  *_t529 + _t529;
                                                  				_push(es);
                                                  				asm("outsd");
                                                  				 *_t529 = es;
                                                  				 *0xa0000 =  *0xa0000;
                                                  				 *0xa0000 =  *0xa0000 + _t529;
                                                  				 *((intOrPtr*)(_t570 + 0x20a0000)) =  *((intOrPtr*)(_t570 + 0x20a0000));
                                                  				asm("outsd");
                                                  				 *_t529 = es;
                                                  				 *0xa0000 =  *0xa0000;
                                                  				 *0xa0000 =  *0xa0000 + _t529;
                                                  				 *((intOrPtr*)(_t570 + 0x20a0000)) =  *((intOrPtr*)(_t570 + 0x20a0000));
                                                  				asm("outsd");
                                                  				 *0x73000000 =  *0x73000000 + _t529;
                                                  				asm("outsd");
                                                  				 *_t529 = es;
                                                  				 *0xa0000 =  *0xa0000;
                                                  				 *0xa0000 =  *0xa0000 + _t529;
                                                  				 *((intOrPtr*)(_t570 + 0x20a0000)) =  *((intOrPtr*)(_t570 + 0x20a0000));
                                                  				asm("outsd");
                                                  				 *0x73000000 =  *0x73000000 + _t529;
                                                  				asm("outsd");
                                                  				 *_t529 = es;
                                                  				 *0xa0000 =  *0xa0000;
                                                  				 *0xa0000 =  *0xa0000 + _t529;
                                                  				 *((intOrPtr*)(_t570 + 0x20a0000)) =  *((intOrPtr*)(_t570 + 0x20a0000));
                                                  				asm("outsd");
                                                  				asm("aaa");
                                                  				 *_t529 =  *_t529 + _t529;
                                                  				_push(es);
                                                  				asm("outsd");
                                                  				 *_t529 = es;
                                                  				 *0xa0000 =  *0xa0000;
                                                  				 *0xa0000 =  *0xa0000 + _t529;
                                                  				 *((intOrPtr*)(_t570 + 0x20a0000)) =  *((intOrPtr*)(_t570 + 0x20a0000));
                                                  				asm("outsd");
                                                  				_t530 = _t529 ^ 0x6f060001;
                                                  				 *_t530 = es;
                                                  				 *0xa0000 =  *0xa0000;
                                                  				 *0xa0000 =  *0xa0000 + _t530;
                                                  				 *((intOrPtr*)(_t570 + 0x20a0000)) =  *((intOrPtr*)(_t570 + 0x20a0000));
                                                  				asm("outsd");
                                                  				_t531 = _t530 ^  *_t659;
                                                  				 *0x73000000 =  *0x73000000 + _t531;
                                                  				asm("outsd");
                                                  				 *_t531 = es;
                                                  				 *0xa0000 =  *0xa0000;
                                                  				 *0xa0000 =  *0xa0000 + _t531;
                                                  				 *((intOrPtr*)(_t570 + 0x20a0000)) =  *((intOrPtr*)(_t570 + 0x20a0000));
                                                  				asm("outsd");
                                                  				 *_t659 =  *_t659 ^ _t531;
                                                  				 *0x73000000 =  *0x73000000 + _t531;
                                                  				asm("outsd");
                                                  				 *_t531 = es;
                                                  				 *0xa0000 =  *0xa0000;
                                                  				 *0xa0000 =  *0xa0000 + _t531;
                                                  				_push(es);
                                                  				 *_t659 =  *_t659 & 0x000a0000;
                                                  				 *[cs:eax] =  *[cs:eax] + _t531;
                                                  				 *0x6F100003 =  *((intOrPtr*)(0x6f100003)) - _t531;
                                                  				 *_t531 =  *_t531;
                                                  				 *_t659 =  *_t659 + _t531;
                                                  				 *((intOrPtr*)(_t531 + _t531 + 0x2000a00)) =  *((intOrPtr*)(_t531 + _t531 + 0x2000a00)) - _t570;
                                                  				_push(ss);
                                                  				 *0x730A0000 =  *((intOrPtr*)(0x730a0000)) - _t659;
                                                  				_t532 = _t531 +  *_t531;
                                                  				 *_t532 =  *_t532 + _t532;
                                                  				 *_t532 =  *_t532 + _t532;
                                                  				return _t532;
                                                  			}

                                                  0x00619cef
                                                  0x00619cf1
                                                  0x00619cf8
                                                  0x00619cfa
                                                  0x00619cfb
                                                  0x00619cfe
                                                  0x00619d00
                                                  0x00619d02
                                                  0x00619d03
                                                  0x00619d05
                                                  0x00619d07
                                                  0x00619d09
                                                  0x00619d0a
                                                  0x00619d0d
                                                  0x00619d0d
                                                  0x00619d12
                                                  0x00619d14
                                                  0x00619d19
                                                  0x00619d1c
                                                  0x00619d22
                                                  0x00619d24
                                                  0x00619d27
                                                  0x00619d29
                                                  0x00619d2a
                                                  0x00619d31
                                                  0x00619d33
                                                  0x00619d34
                                                  0x00619d35
                                                  0x00619d37
                                                  0x00619d39
                                                  0x00619d3b
                                                  0x00619d41
                                                  0x00619d44
                                                  0x00619d46
                                                  0x00619d48
                                                  0x00619d56
                                                  0x00619d57
                                                  0x00619d59
                                                  0x00619d59
                                                  0x00619d5c
                                                  0x00619d5d
                                                  0x00619d5d
                                                  0x00619d61
                                                  0x00619d66
                                                  0x00619d68
                                                  0x00619d6a
                                                  0x00619d6d
                                                  0x00619d6f
                                                  0x00619d70
                                                  0x00619d76
                                                  0x00619d77
                                                  0x00619d79
                                                  0x00619d7e
                                                  0x00619d81
                                                  0x00619d82
                                                  0x00619d83
                                                  0x00619d8a
                                                  0x00619d8f
                                                  0x00619d91
                                                  0x00619d96
                                                  0x00619d98
                                                  0x00619d99
                                                  0x00619da2
                                                  0x00619da3
                                                  0x00619da4
                                                  0x00619da6
                                                  0x00619da8
                                                  0x00619daa
                                                  0x00619dab
                                                  0x00619db0
                                                  0x00619db2
                                                  0x00619db5
                                                  0x00619db5
                                                  0x00619dba
                                                  0x00619dbc
                                                  0x00619dbe
                                                  0x00619dc1
                                                  0x00619dc4
                                                  0x00619dc5
                                                  0x00619dc6
                                                  0x00619dc7
                                                  0x00619dc9
                                                  0x00619dcb
                                                  0x00619dcd
                                                  0x00619dce
                                                  0x00619dce
                                                  0x00619dd1
                                                  0x00619dd9
                                                  0x00619ddb
                                                  0x00619ddc
                                                  0x00619ddd
                                                  0x00619ddf
                                                  0x00619de1
                                                  0x00619de3
                                                  0x00619de4
                                                  0x00619de5
                                                  0x00619de8
                                                  0x00619de9
                                                  0x00619dec
                                                  0x00619dee
                                                  0x00619df0
                                                  0x00619df1
                                                  0x00619df2
                                                  0x00619df4
                                                  0x00619df5
                                                  0x00619dfb
                                                  0x00619dfe
                                                  0x00619dff
                                                  0x00619e01
                                                  0x00619e01
                                                  0x00619e04
                                                  0x00619e05
                                                  0x00619e07
                                                  0x00000000
                                                  0x00000000
                                                  0x00619e09
                                                  0x00619e0e
                                                  0x00619e10
                                                  0x00619e12
                                                  0x00619e15
                                                  0x00619e18
                                                  0x00619e1e
                                                  0x00619e1f
                                                  0x00619e21
                                                  0x00619e26
                                                  0x00619e29
                                                  0x00619e2a
                                                  0x00619e2b
                                                  0x00619e2c
                                                  0x00619e2e
                                                  0x00619e33
                                                  0x00619e39
                                                  0x00619e3a
                                                  0x00619e3b
                                                  0x00619e3d
                                                  0x00619e45
                                                  0x00619e47
                                                  0x00619e48
                                                  0x00619e49
                                                  0x00619e4b
                                                  0x00619e4d
                                                  0x00619e4f
                                                  0x00619e50
                                                  0x00619e51
                                                  0x00619e54
                                                  0x00619e55
                                                  0x00619e57
                                                  0x00619e5a
                                                  0x00619e5a
                                                  0x00619e5f
                                                  0x00619e61
                                                  0x00619e63
                                                  0x00619e66
                                                  0x00619e69
                                                  0x00619e6a
                                                  0x00619e6e
                                                  0x00619e70
                                                  0x00619e72
                                                  0x00619e73
                                                  0x00619e74
                                                  0x00619e74
                                                  0x00619e76
                                                  0x00619e77
                                                  0x00619e7e
                                                  0x00619e81
                                                  0x00619e82
                                                  0x00619e84
                                                  0x00619e86
                                                  0x00619e88
                                                  0x00619e8b
                                                  0x00619e8d
                                                  0x00619e8e
                                                  0x00619e8f
                                                  0x00619e91
                                                  0x00619e93
                                                  0x00619e95
                                                  0x00619e98
                                                  0x00619e9a
                                                  0x00619ea0
                                                  0x00619ea0
                                                  0x00619ea3
                                                  0x00619ea4
                                                  0x00619ea6
                                                  0x00619ea6
                                                  0x00619ea9
                                                  0x00619eaa
                                                  0x00619eac
                                                  0x00000000
                                                  0x00000000
                                                  0x00619eae
                                                  0x00619eb3
                                                  0x00619eb5
                                                  0x00619eb7
                                                  0x00619eba
                                                  0x00619ebc
                                                  0x00619ebd
                                                  0x00619ec3
                                                  0x00619ec4
                                                  0x00619ec6
                                                  0x00619ec8
                                                  0x00619ecb
                                                  0x00619ece
                                                  0x00619ed6
                                                  0x00619edb
                                                  0x00619ee1
                                                  0x00619ee4
                                                  0x00619ee6
                                                  0x00619eed
                                                  0x00619eef
                                                  0x00619ef0
                                                  0x00619ef1
                                                  0x00619ef3
                                                  0x00619ef5
                                                  0x00619ef7
                                                  0x00619efa
                                                  0x00619efc
                                                  0x00619f02
                                                  0x00619f05
                                                  0x00619f05
                                                  0x00619f0a
                                                  0x00619f0c
                                                  0x00619f11
                                                  0x00619f14
                                                  0x00619f15
                                                  0x00619f18
                                                  0x00619f1a
                                                  0x00619f1c
                                                  0x00619f1f
                                                  0x00619f21
                                                  0x00619f22
                                                  0x00619f29
                                                  0x00619f2c
                                                  0x00619f2d
                                                  0x00619f2f
                                                  0x00619f31
                                                  0x00619f33
                                                  0x00619f36
                                                  0x00619f38
                                                  0x00619f39
                                                  0x00619f3c
                                                  0x00619f3e
                                                  0x00619f40
                                                  0x00619f43
                                                  0x00619f45
                                                  0x00619f4b
                                                  0x00619f4e
                                                  0x00619f4f
                                                  0x00619f51
                                                  0x00619f51
                                                  0x00619f54
                                                  0x00619f55
                                                  0x00619f55
                                                  0x00619f59
                                                  0x00619f5e
                                                  0x00619f60
                                                  0x00619f62
                                                  0x00619f65
                                                  0x00619f67
                                                  0x00619f68
                                                  0x00619f6e
                                                  0x00619f6f
                                                  0x00619f71
                                                  0x00619f73
                                                  0x00619f76
                                                  0x00619f79
                                                  0x00619f7e
                                                  0x00619f80
                                                  0x00619f82
                                                  0x00619f87
                                                  0x00619f89
                                                  0x00619f8b
                                                  0x00619f8e
                                                  0x00619f90
                                                  0x00619f91
                                                  0x00619f98
                                                  0x00619f9a
                                                  0x00619f9b
                                                  0x00619f9c
                                                  0x00619f9e
                                                  0x00619fa0
                                                  0x00619fa2
                                                  0x00619fa5
                                                  0x00619fa7
                                                  0x00619fad
                                                  0x00619fb0
                                                  0x00619fb0
                                                  0x00619fb5
                                                  0x00619fb7
                                                  0x00619fbc
                                                  0x00619fbf
                                                  0x00619fc0
                                                  0x00619fc3
                                                  0x00619fc5
                                                  0x00619fc7
                                                  0x00619fca
                                                  0x00619fcc
                                                  0x00619fcd
                                                  0x00619fd4
                                                  0x00619fd6
                                                  0x00619fd7
                                                  0x00619fd8
                                                  0x00619fda
                                                  0x00619fdc
                                                  0x00619fde
                                                  0x00619fe4
                                                  0x00619fe5
                                                  0x00619fe7
                                                  0x00619fe9
                                                  0x00619fe9
                                                  0x00619fea
                                                  0x00619fed
                                                  0x00619fef
                                                  0x00619ff0
                                                  0x00619ff6
                                                  0x00619ff9
                                                  0x00619ffa
                                                  0x00619ffc
                                                  0x00619ffc
                                                  0x00619fff
                                                  0x0061a000
                                                  0x0061a002
                                                  0x00000000
                                                  0x00000000
                                                  0x0061a004
                                                  0x0061a009
                                                  0x0061a00b
                                                  0x0061a00d
                                                  0x0061a010
                                                  0x0061a012
                                                  0x0061a013
                                                  0x0061a019
                                                  0x0061a01a
                                                  0x0061a01c
                                                  0x0061a021
                                                  0x0061a024
                                                  0x0061a025
                                                  0x0061a026
                                                  0x0061a028
                                                  0x0061a02a
                                                  0x0061a02d
                                                  0x0061a032
                                                  0x0061a034
                                                  0x0061a036
                                                  0x0061a039
                                                  0x0061a03b
                                                  0x0061a03c
                                                  0x0061a043
                                                  0x0061a045
                                                  0x0061a046
                                                  0x0061a047
                                                  0x0061a049
                                                  0x0061a04b
                                                  0x0061a04d
                                                  0x0061a053
                                                  0x0061a055
                                                  0x0061a058
                                                  0x0061a05d
                                                  0x0061a05f
                                                  0x0061a061
                                                  0x0061a064
                                                  0x0061a065
                                                  0x0061a065
                                                  0x0061a067
                                                  0x0061a068
                                                  0x0061a06b
                                                  0x0061a06d
                                                  0x0061a06f
                                                  0x0061a072
                                                  0x0061a072
                                                  0x0061a074
                                                  0x0061a075
                                                  0x0061a07c
                                                  0x0061a07e
                                                  0x0061a07f
                                                  0x0061a080
                                                  0x0061a082
                                                  0x0061a084
                                                  0x0061a086
                                                  0x0061a087
                                                  0x0061a088
                                                  0x0061a08b
                                                  0x0061a08c
                                                  0x0061a08d
                                                  0x0061a093
                                                  0x0061a094
                                                  0x0061a095
                                                  0x0061a098
                                                  0x0061a099
                                                  0x0061a09c
                                                  0x0061a09e
                                                  0x0061a0a0
                                                  0x0061a0a1
                                                  0x0061a0a2
                                                  0x0061a0a4
                                                  0x0061a0a5
                                                  0x0061a0ab
                                                  0x0061a0ae
                                                  0x0061a0af
                                                  0x0061a0b1
                                                  0x0061a0b1
                                                  0x0061a0b4
                                                  0x0061a0b5
                                                  0x0061a0b7
                                                  0x00000000
                                                  0x00000000
                                                  0x0061a0b9
                                                  0x0061a0be
                                                  0x0061a0c0
                                                  0x0061a0c2
                                                  0x0061a0c5
                                                  0x0061a0c7
                                                  0x0061a0c8
                                                  0x0061a0ce
                                                  0x0061a0cf
                                                  0x0061a0d1
                                                  0x0061a0d3
                                                  0x0061a0d6
                                                  0x0061a0d9
                                                  0x0061a0da
                                                  0x0061a0db
                                                  0x0061a0de
                                                  0x0061a0e0
                                                  0x0061a0e2
                                                  0x0061a0e7
                                                  0x0061a0e9
                                                  0x0061a0eb
                                                  0x0061a0ee
                                                  0x0061a0f1
                                                  0x0061a0f4
                                                  0x0061a0f6
                                                  0x0061a0fe
                                                  0x0061a100
                                                  0x0061a102
                                                  0x0061a103
                                                  0x0061a104
                                                  0x0061a107
                                                  0x0061a108
                                                  0x0061a109
                                                  0x0061a10a
                                                  0x0061a10d
                                                  0x0061a10d
                                                  0x0061a112
                                                  0x0061a114
                                                  0x0061a119
                                                  0x0061a11c
                                                  0x0061a11d
                                                  0x0061a120
                                                  0x0061a122
                                                  0x0061a124
                                                  0x0061a127
                                                  0x0061a129
                                                  0x0061a12a
                                                  0x0061a12d
                                                  0x0061a12f
                                                  0x0061a12f
                                                  0x0061a135
                                                  0x0061a137
                                                  0x0061a139
                                                  0x0061a13b
                                                  0x0061a637
                                                  0x0061a639
                                                  0x0061a63b
                                                  0x0061a63e
                                                  0x0061a640
                                                  0x0061a641
                                                  0x0061a647
                                                  0x0061a648
                                                  0x0061a64a
                                                  0x0061a64c
                                                  0x0061a64f
                                                  0x0061a652
                                                  0x0061a659
                                                  0x0061a65b
                                                  0x0061a660
                                                  0x0061a662
                                                  0x0061a667
                                                  0x0061a669
                                                  0x0061a66a
                                                  0x0061a66c
                                                  0x0061a66f
                                                  0x0061a675
                                                  0x0061a677
                                                  0x0061a679
                                                  0x0061a67b
                                                  0x0061a67c
                                                  0x0061a67d
                                                  0x0061a680
                                                  0x0061a682
                                                  0x0061a683
                                                  0x0061a686
                                                  0x0061a68b
                                                  0x0061a68d
                                                  0x0061a68f
                                                  0x0061a692
                                                  0x0061a695
                                                  0x0061a696
                                                  0x0061a699
                                                  0x0061a69b
                                                  0x0061a6a0
                                                  0x0061a6a3
                                                  0x0061a6a5
                                                  0x0061a6a8
                                                  0x0061a6a8
                                                  0x0061a6ae
                                                  0x0061a6b0
                                                  0x0061a6b2
                                                  0x0061a6b4
                                                  0x0061a6b5
                                                  0x0061a6b6
                                                  0x0061a6b8
                                                  0x0061a6b9
                                                  0x0061a6bb
                                                  0x0061a6bd
                                                  0x0061a6bf
                                                  0x0061a6c2
                                                  0x0061a6c2
                                                  0x0061a6c2
                                                  0x0061a6c2
                                                  0x0061a6c3
                                                  0x0061a6c5
                                                  0x0061a6ca
                                                  0x0061a6cc
                                                  0x0061a6d1
                                                  0x0061a6d4
                                                  0x0061a6d6
                                                  0x0061a6d9
                                                  0x0061a6e1
                                                  0x0061a6e3
                                                  0x0061a6e5
                                                  0x0061a6e6
                                                  0x0061a6e7
                                                  0x0061a6ea
                                                  0x0061a6eb
                                                  0x0061a6ec
                                                  0x0061a6ee
                                                  0x0061a6f0
                                                  0x0061a6f2
                                                  0x0061a6f3
                                                  0x0061a6f4
                                                  0x0061a6f7
                                                  0x0061a6f8
                                                  0x0061a6fa
                                                  0x0061a6fc
                                                  0x0061a6fd
                                                  0x0061a702
                                                  0x0061a704
                                                  0x0061a709
                                                  0x0061a70c
                                                  0x0061a70d
                                                  0x0061a710
                                                  0x0061a712
                                                  0x0061a714
                                                  0x0061a717
                                                  0x0061a71a
                                                  0x0061a71c
                                                  0x0061a71f
                                                  0x0061a71f
                                                  0x0061a725
                                                  0x0061a727
                                                  0x0061a729
                                                  0x0061a72b
                                                  0x0061a72c
                                                  0x0061a72c
                                                  0x0061a72d
                                                  0x0061a730
                                                  0x0061a732
                                                  0x0061a734
                                                  0x0061a736
                                                  0x0061a737
                                                  0x0061a739
                                                  0x0061a73c
                                                  0x0061a741
                                                  0x0061a743
                                                  0x0061a745
                                                  0x0061a748
                                                  0x0061a74b
                                                  0x0061a74d
                                                  0x0061a750
                                                  0x0061a758
                                                  0x0061a75a
                                                  0x0061a75c
                                                  0x0061a75e
                                                  0x0061a761
                                                  0x0061a762
                                                  0x0061a763
                                                  0x0061a765
                                                  0x0061a767
                                                  0x0061a769
                                                  0x0061a76a
                                                  0x0061a76b
                                                  0x0061a76e
                                                  0x0061a76f
                                                  0x0061a771
                                                  0x0061a773
                                                  0x0061a774
                                                  0x0061a774
                                                  0x0061a779
                                                  0x0061a77b
                                                  0x0061a780
                                                  0x0061a783
                                                  0x0061a787
                                                  0x0061a789
                                                  0x0061a78b
                                                  0x0061a78e
                                                  0x0061a791
                                                  0x0061a793
                                                  0x0061a796
                                                  0x0061a796
                                                  0x0061a79c
                                                  0x0061a79e
                                                  0x0061a7a0
                                                  0x0061a7a2
                                                  0x0061a7a4
                                                  0x0061a7a7
                                                  0x0061a7a8
                                                  0x0061a7ab
                                                  0x0061a7ad
                                                  0x0061a7af
                                                  0x0061a7b0
                                                  0x0061a7b1
                                                  0x0061a7b3
                                                  0x0061a7b4
                                                  0x0061a7ba
                                                  0x0061a7bd
                                                  0x0061a7be
                                                  0x0061a7c0
                                                  0x0061a7c0
                                                  0x0061a7c3
                                                  0x0061a7c4
                                                  0x0061a7c4
                                                  0x0061a7c8
                                                  0x0061a7cd
                                                  0x0061a7cf
                                                  0x0061a7d1
                                                  0x0061a7d4
                                                  0x0061a7d6
                                                  0x0061a7d7
                                                  0x0061a7dc
                                                  0x0061a7dc
                                                  0x0061a7dd
                                                  0x0061a7de
                                                  0x0061a7e0
                                                  0x0061a7e2
                                                  0x0061a7e5
                                                  0x0061a7e8
                                                  0x0061a7e9
                                                  0x0061a7ef
                                                  0x00000000
                                                  0x00000000
                                                  0x0061a7f1
                                                  0x0061a7f6
                                                  0x0061a7f8
                                                  0x0061a7fa
                                                  0x0061a7fd
                                                  0x0061a7ff
                                                  0x0061a800
                                                  0x0061a802
                                                  0x0061a805
                                                  0x0061a80b
                                                  0x0061a80d
                                                  0x0061a80f
                                                  0x0061a811
                                                  0x0061a813
                                                  0x0061a816
                                                  0x0061a818
                                                  0x0061a819
                                                  0x0061a81c
                                                  0x0061a821
                                                  0x0061a823
                                                  0x0061a828
                                                  0x0061a82b
                                                  0x0061a82f
                                                  0x0061a831
                                                  0x0061a833
                                                  0x0061a836
                                                  0x0061a838
                                                  0x0061a839
                                                  0x0061a83b
                                                  0x0061a83e
                                                  0x0061a83e
                                                  0x0061a844
                                                  0x0061a846
                                                  0x0061a848
                                                  0x0061a84f
                                                  0x0061a851
                                                  0x0061a851
                                                  0x0061a854
                                                  0x00000000
                                                  0x0061a856
                                                  0x0061a856
                                                  0x0061a858
                                                  0x0061a858
                                                  0x00000000
                                                  0x0061a854
                                                  0x0061a859
                                                  0x0061a861
                                                  0x0061a86b
                                                  0x0061a86d
                                                  0x0061a873
                                                  0x0061a875
                                                  0x0061a878
                                                  0x0061a87a
                                                  0x0061a87b
                                                  0x0061a87d
                                                  0x0061a880
                                                  0x0061a884
                                                  0x0061a886
                                                  0x0061a888
                                                  0x0061a88a
                                                  0x0061a890
                                                  0x0061a891
                                                  0x0061a892
                                                  0x0061a895
                                                  0x0061a896
                                                  0x0061a898
                                                  0x0061a89a
                                                  0x0061a89c
                                                  0x0061a8a2
                                                  0x0061a8a3
                                                  0x0061a8a4
                                                  0x0061a8a7
                                                  0x0061a8a8
                                                  0x0061a8aa
                                                  0x0061a8ac
                                                  0x0061a8ae
                                                  0x0061a8b4
                                                  0x0061a8b5
                                                  0x0061a8b6
                                                  0x0061a8b8
                                                  0x0061a8b9
                                                  0x0061a8ba
                                                  0x0061a8bc
                                                  0x0061a8be
                                                  0x0061a8c0
                                                  0x0061a8c6
                                                  0x0061a8c7
                                                  0x0061a8c8
                                                  0x0061a8ca
                                                  0x0061a8cb
                                                  0x0061a8cc
                                                  0x0061a8ce
                                                  0x0061a8d0
                                                  0x0061a8d2
                                                  0x0061a8d8
                                                  0x0061a8da
                                                  0x0061a8dc
                                                  0x0061a8dd
                                                  0x0061a8de
                                                  0x0061a8e0
                                                  0x0061a8e2
                                                  0x0061a8e4
                                                  0x0061a8ea
                                                  0x0061a8eb
                                                  0x0061a8ec
                                                  0x0061a8ee
                                                  0x0061a8ef
                                                  0x0061a8f0
                                                  0x0061a8f2
                                                  0x0061a8f4
                                                  0x0061a8f6
                                                  0x0061a8fc
                                                  0x0061a8fd
                                                  0x0061a8fe
                                                  0x0061a900
                                                  0x0061a901
                                                  0x0061a902
                                                  0x0061a904
                                                  0x0061a906
                                                  0x0061a908
                                                  0x0061a90e
                                                  0x0061a910
                                                  0x0061a912
                                                  0x0061a913
                                                  0x0061a914
                                                  0x0061a916
                                                  0x0061a918
                                                  0x0061a91a
                                                  0x0061a920
                                                  0x0061a922
                                                  0x0061a924
                                                  0x0061a925
                                                  0x0061a926
                                                  0x0061a928
                                                  0x0061a92a
                                                  0x0061a92c
                                                  0x0061a932
                                                  0x0061a933
                                                  0x0061a934
                                                  0x0061a936
                                                  0x0061a937
                                                  0x0061a938
                                                  0x0061a93a
                                                  0x0061a93c
                                                  0x0061a93e
                                                  0x0061a944
                                                  0x0061a946
                                                  0x0061a948
                                                  0x0061a949
                                                  0x0061a94a
                                                  0x0061a94c
                                                  0x0061a94e
                                                  0x0061a950
                                                  0x0061a956
                                                  0x0061a958
                                                  0x0061a95a
                                                  0x0061a95b
                                                  0x0061a95c
                                                  0x0061a95e
                                                  0x0061a960
                                                  0x0061a962
                                                  0x0061a968
                                                  0x0061a96a
                                                  0x0061a96c
                                                  0x0061a96d
                                                  0x0061a96e
                                                  0x0061a970
                                                  0x0061a972
                                                  0x0061a974
                                                  0x0061a97a
                                                  0x0061a97b
                                                  0x0061a97c
                                                  0x0061a97e
                                                  0x0061a97f
                                                  0x0061a980
                                                  0x0061a982
                                                  0x0061a984
                                                  0x0061a986
                                                  0x0061a98c
                                                  0x0061a98d
                                                  0x0061a98e
                                                  0x0061a990
                                                  0x0061a991
                                                  0x0061a992
                                                  0x0061a994
                                                  0x0061a996
                                                  0x0061a998
                                                  0x0061a99e
                                                  0x0061a9a4
                                                  0x0061a9a6
                                                  0x0061a9a8
                                                  0x0061a9aa
                                                  0x0061a9b0
                                                  0x0061a9b3
                                                  0x0061a9b5
                                                  0x0061a9b6
                                                  0x0061a9b8
                                                  0x0061a9ba
                                                  0x0061a9bc
                                                  0x0061a9c2
                                                  0x0061a9c5
                                                  0x0061a9c7
                                                  0x0061a9c8
                                                  0x0061a9ca
                                                  0x0061a9cc
                                                  0x0061a9ce
                                                  0x0061a9d4
                                                  0x0061a9d5
                                                  0x0061a9d6
                                                  0x0061a9d8
                                                  0x0061a9d9
                                                  0x0061a9da
                                                  0x0061a9dc
                                                  0x0061a9de
                                                  0x0061a9e0
                                                  0x0061a9e6
                                                  0x0061a9e7
                                                  0x0061a9ec
                                                  0x0061a9ee
                                                  0x0061a9f0
                                                  0x0061a9f2
                                                  0x0061a9f8
                                                  0x0061a9f9
                                                  0x0061a9fb
                                                  0x0061a9fd
                                                  0x0061a9fe
                                                  0x0061aa00
                                                  0x0061aa02
                                                  0x0061aa04
                                                  0x0061aa0a
                                                  0x0061aa0b
                                                  0x0061aa0d
                                                  0x0061aa0f
                                                  0x0061aa10
                                                  0x0061aa12
                                                  0x0061aa14
                                                  0x0061aa16
                                                  0x0061aa17
                                                  0x0061aa19
                                                  0x0061aa1c
                                                  0x0061aa22
                                                  0x0061aa29
                                                  0x0061aa2b
                                                  0x0061aa32
                                                  0x0061aa33
                                                  0x0061aa39
                                                  0x0061aa3c
                                                  0x0061aa3e
                                                  0x0061aa40

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.674723416.0000000000612000.00000002.00020000.sdmp, Offset: 00610000, based on PE: true
                                                  • Associated: 00000000.00000002.674712693.0000000000610000.00000002.00020000.sdmp
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 494e1b78a4b24a2237fedcd9816ae12ba41eceab8ef0908a8e055917aae5cf01
                                                  • Instruction ID: b0bd2f8bbc29cab2d694eaf12b3aef61d73532258180763fe43837f763860e72
                                                  • Opcode Fuzzy Hash: 494e1b78a4b24a2237fedcd9816ae12ba41eceab8ef0908a8e055917aae5cf01
                                                  • Instruction Fuzzy Hash: 4AF2376100EBC26FE7034B745D326E27FB5AE53224B0E04C7D4C08F5A3E2151AA9DBB6
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Executed Functions

                                                  APIs
                                                  • bind.WS2_32(?,00000E2C,F27C5854,00000000,00000000,00000000,00000000), ref: 05602B87
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.922163653.0000000005600000.00000040.00000001.sdmp, Offset: 05600000, based on PE: false
                                                  Similarity
                                                  • API ID: bind
                                                  • String ID:
                                                  • API String ID: 1187836755-0
                                                  • Opcode ID: 3e13dbe212803dc44ada62c327e68bfa6e5c5d9b8e8962a679ca7029d16fe8c8
                                                  • Instruction ID: cbea7c8a1a499e5d01c19e08e1a5ddbd96f22afed5967c2d85f1620bc9913730
                                                  • Opcode Fuzzy Hash: 3e13dbe212803dc44ada62c327e68bfa6e5c5d9b8e8962a679ca7029d16fe8c8
                                                  • Instruction Fuzzy Hash: 20219FB55083846FE712CF25CC84F96BFA8EF06310F1884EBE984DF192D264A508CB71
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 0560163F
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.922163653.0000000005600000.00000040.00000001.sdmp, Offset: 05600000, based on PE: false
                                                  Similarity
                                                  • API ID: AdjustPrivilegesToken
                                                  • String ID:
                                                  • API String ID: 2874748243-0
                                                  • Opcode ID: aa6449fa973ed1ab9133a893b3f59a38effb68c729d71d1996dab2dc8fa57e27
                                                  • Instruction ID: 0cae675acbf12c9b2701c645a82c962d069f2884fd1275657c4f2d86bfd1a44c
                                                  • Opcode Fuzzy Hash: aa6449fa973ed1ab9133a893b3f59a38effb68c729d71d1996dab2dc8fa57e27
                                                  • Instruction Fuzzy Hash: A621BF755097809FEB228F25DC40B52BFF4EF07310F09859AE9858F6A3D270D808DB62
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • WSARecv.WS2_32(?,00000E2C,F27C5854,00000000,00000000,00000000,00000000), ref: 05603052
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.922163653.0000000005600000.00000040.00000001.sdmp, Offset: 05600000, based on PE: false
                                                  Similarity
                                                  • API ID: Recv
                                                  • String ID:
                                                  • API String ID: 4192927123-0
                                                  • Opcode ID: eaca3fa2caed5a5ce3b737c2c65544beb836ed8c6ee3ad3d21376b69e759d725
                                                  • Instruction ID: 82e0d4093bde8438d823dc2c4eead3a18b29a70727083f64debcb05a88ecfa4f
                                                  • Opcode Fuzzy Hash: eaca3fa2caed5a5ce3b737c2c65544beb836ed8c6ee3ad3d21376b69e759d725
                                                  • Instruction Fuzzy Hash: D911A2B1500304AFEB22CF65DC44FA7FBA8EF04320F04886AE9459B655D275E408CBB1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 05601A71
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.922163653.0000000005600000.00000040.00000001.sdmp, Offset: 05600000, based on PE: false
                                                  Similarity
                                                  • API ID: InformationQuerySystem
                                                  • String ID:
                                                  • API String ID: 3562636166-0
                                                  • Opcode ID: b70b10f2713fd1544f0d3b7416f15eaecc988326d45bfa50421615a1008e6a4b
                                                  • Instruction ID: bc682986dd512c10837e1e5e76c15928d22176d6f406216bb744e03f8be075d3
                                                  • Opcode Fuzzy Hash: b70b10f2713fd1544f0d3b7416f15eaecc988326d45bfa50421615a1008e6a4b
                                                  • Instruction Fuzzy Hash: AD219D714097C09FDB238B21DC41A62FFB0EF17314F0984DBE9848B5A3D265A509DB62
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • bind.WS2_32(?,00000E2C,F27C5854,00000000,00000000,00000000,00000000), ref: 05602B87
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.922163653.0000000005600000.00000040.00000001.sdmp, Offset: 05600000, based on PE: false
                                                  Similarity
                                                  • API ID: bind
                                                  • String ID:
                                                  • API String ID: 1187836755-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • NtSetInformationProcess.NTDLL(?,?,?,?), ref: 056017AD
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.922163653.0000000005600000.00000040.00000001.sdmp, Offset: 05600000, based on PE: false
                                                  Similarity
                                                  • API ID: InformationProcess
                                                  • String ID:
                                                  • API String ID: 1801817001-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 0560163F
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.922163653.0000000005600000.00000040.00000001.sdmp, Offset: 05600000, based on PE: false
                                                  Similarity
                                                  • API ID: AdjustPrivilegesToken
                                                  • String ID:
                                                  • API String ID: 2874748243-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • GetSystemInfo.KERNELBASE(?), ref: 0560184C
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.922163653.0000000005600000.00000040.00000001.sdmp, Offset: 05600000, based on PE: false
                                                  Similarity
                                                  • API ID: InfoSystem
                                                  • String ID:
                                                  • API String ID: 31276548-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • NtSetInformationProcess.NTDLL(?,?,?,?), ref: 056017AD
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.922163653.0000000005600000.00000040.00000001.sdmp, Offset: 05600000, based on PE: false
                                                  Similarity
                                                  • API ID: InformationProcess
                                                  • String ID:
                                                  • API String ID: 1801817001-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 05601A71
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.922163653.0000000005600000.00000040.00000001.sdmp, Offset: 05600000, based on PE: false
                                                  Similarity
                                                  • API ID: InformationQuerySystem
                                                  • String ID:
                                                  • API String ID: 3562636166-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • CreateMutexW.KERNELBASE(?,?), ref: 0560019D
                                                  • FindCloseChangeNotification.KERNELBASE(?), ref: 05600264
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.922163653.0000000005600000.00000040.00000001.sdmp, Offset: 05600000, based on PE: false
                                                  Similarity
                                                  • API ID: ChangeCloseCreateFindMutexNotification
                                                  • String ID:
                                                  • API String ID: 2967213129-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $>_kq
                                                  • API String ID: 0-1412446344
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID: >_kq
                                                  • API String ID: 0-4149988037
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • getaddrinfo.WS2_32(?,00000E2C), ref: 056029EB
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.922163653.0000000005600000.00000040.00000001.sdmp, Offset: 05600000, based on PE: false
                                                  Similarity
                                                  • API ID: getaddrinfo
                                                  • String ID:
                                                  • API String ID: 300660673-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • RegQueryValueExW.KERNELBASE(?,00000E2C,?,?), ref: 05601C4E
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.922163653.0000000005600000.00000040.00000001.sdmp, Offset: 05600000, based on PE: false
                                                  Similarity
                                                  • API ID: QueryValue
                                                  • String ID:
                                                  • API String ID: 3660427363-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • WSASocketW.WS2_32(?,?,?,?,?), ref: 05601F56
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.922163653.0000000005600000.00000040.00000001.sdmp, Offset: 05600000, based on PE: false
                                                  Similarity
                                                  • API ID: Socket
                                                  • String ID:
                                                  • API String ID: 38366605-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • DuplicateHandle.KERNELBASE(?,00000E2C), ref: 0560115B
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.922163653.0000000005600000.00000040.00000001.sdmp, Offset: 05600000, based on PE: false
                                                  Similarity
                                                  • API ID: DuplicateHandle
                                                  • String ID:
                                                  • API String ID: 3793708945-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • GetTempFileNameW.KERNELBASE(?,00000E2C,?,?), ref: 05600F1A
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.922163653.0000000005600000.00000040.00000001.sdmp, Offset: 05600000, based on PE: false
                                                  Similarity
                                                  • API ID: FileNameTemp
                                                  • String ID:
                                                  • API String ID: 745986568-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • RegQueryValueExA.KERNELBASE(?,00000E2C), ref: 0560045E
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.922163653.0000000005600000.00000040.00000001.sdmp, Offset: 05600000, based on PE: false
                                                  Similarity
                                                  • API ID: QueryValue
                                                  • String ID:
                                                  • API String ID: 3660427363-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 05600899
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.922163653.0000000005600000.00000040.00000001.sdmp, Offset: 05600000, based on PE: false
                                                  Similarity
                                                  • API ID: CreateFile
                                                  • String ID:
                                                  • API String ID: 823142352-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • CreateMutexW.KERNELBASE(?,?), ref: 0560019D
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.922163653.0000000005600000.00000040.00000001.sdmp, Offset: 05600000, based on PE: false
                                                  Similarity
                                                  • API ID: CreateMutex
                                                  • String ID:
                                                  • API String ID: 1964310414-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • GetExitCodeProcess.KERNELBASE(?,00000E2C,F27C5854,00000000,00000000,00000000,00000000), ref: 0560125C
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.922163653.0000000005600000.00000040.00000001.sdmp, Offset: 05600000, based on PE: false
                                                  Similarity
                                                  • API ID: CodeExitProcess
                                                  • String ID:
                                                  • API String ID: 3861947596-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000E2C), ref: 0560229B
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.922163653.0000000005600000.00000040.00000001.sdmp, Offset: 05600000, based on PE: false
                                                  Similarity
                                                  • API ID: DescriptorSecurity$ConvertString
                                                  • String ID:
                                                  • API String ID: 3907675253-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • setsockopt.WS2_32(?,00000E2C,F27C5854,00000000,00000000,00000000,00000000), ref: 05602D65
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.922163653.0000000005600000.00000040.00000001.sdmp, Offset: 05600000, based on PE: false
                                                  Similarity
                                                  • API ID: setsockopt
                                                  • String ID:
                                                  • API String ID: 3981526788-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.922163653.0000000005600000.00000040.00000001.sdmp, Offset: 05600000, based on PE: false
                                                  Similarity
                                                  • API ID: FileView
                                                  • String ID:
                                                  • API String ID: 3314676101-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • RegQueryValueExW.KERNELBASE(?,00000E2C,F27C5854,00000000,00000000,00000000,00000000), ref: 0560055C
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.922163653.0000000005600000.00000040.00000001.sdmp, Offset: 05600000, based on PE: false
                                                  Similarity
                                                  • API ID: QueryValue
                                                  • String ID:
                                                  • API String ID: 3660427363-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • getaddrinfo.WS2_32(?,00000E2C), ref: 056029EB
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.922163653.0000000005600000.00000040.00000001.sdmp, Offset: 05600000, based on PE: false
                                                  Similarity
                                                  • API ID: getaddrinfo
                                                  • String ID:
                                                  • API String ID: 300660673-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • WSASend.WS2_32(?,00000E2C,F27C5854,00000000,00000000,00000000,00000000), ref: 05602F5E
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.922163653.0000000005600000.00000040.00000001.sdmp, Offset: 05600000, based on PE: false
                                                  Similarity
                                                  • API ID: Send
                                                  • String ID:
                                                  • API String ID: 121738739-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • DuplicateHandle.KERNELBASE(?,00000E2C), ref: 0560115B
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.922163653.0000000005600000.00000040.00000001.sdmp, Offset: 05600000, based on PE: false
                                                  Similarity
                                                  • API ID: DuplicateHandle
                                                  • String ID:
                                                  • API String ID: 3793708945-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • FormatMessageW.KERNELBASE(?,00000E2C,?,?), ref: 05603156
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.922163653.0000000005600000.00000040.00000001.sdmp, Offset: 05600000, based on PE: false
                                                  Similarity
                                                  • API ID: FormatMessage
                                                  • String ID:
                                                  • API String ID: 1306739567-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • RegOpenKeyExA.KERNELBASE(?,00000E2C), ref: 05600353
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.922163653.0000000005600000.00000040.00000001.sdmp, Offset: 05600000, based on PE: false
                                                  Similarity
                                                  • API ID: Open
                                                  • String ID:
                                                  • API String ID: 71445658-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • OpenFileMappingW.KERNELBASE(?,?), ref: 05602445
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.922163653.0000000005600000.00000040.00000001.sdmp, Offset: 05600000, based on PE: false
                                                  Similarity
                                                  • API ID: FileMappingOpen
                                                  • String ID:
                                                  • API String ID: 1680863896-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • GetFileType.KERNELBASE(?,00000E2C,F27C5854,00000000,00000000,00000000,00000000), ref: 05600985
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.922163653.0000000005600000.00000040.00000001.sdmp, Offset: 05600000, based on PE: false
                                                  Similarity
                                                  • API ID: FileType
                                                  • String ID:
                                                  • API String ID: 3081899298-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • WSARecv.WS2_32(?,00000E2C,F27C5854,00000000,00000000,00000000,00000000), ref: 05603052
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.922163653.0000000005600000.00000040.00000001.sdmp, Offset: 05600000, based on PE: false
                                                  Similarity
                                                  • API ID: Recv
                                                  • String ID:
                                                  • API String ID: 4192927123-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000E2C), ref: 0560229B
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.922163653.0000000005600000.00000040.00000001.sdmp, Offset: 05600000, based on PE: false
                                                  Similarity
                                                  • API ID: DescriptorSecurity$ConvertString
                                                  • String ID:
                                                  • API String ID: 3907675253-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 05600899
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.922163653.0000000005600000.00000040.00000001.sdmp, Offset: 05600000, based on PE: false
                                                  Similarity
                                                  • API ID: CreateFile
                                                  • String ID:
                                                  • API String ID: 823142352-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • RegSetValueExW.KERNELBASE(?,00000E2C,F27C5854,00000000,00000000,00000000,00000000), ref: 05600E10
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.922163653.0000000005600000.00000040.00000001.sdmp, Offset: 05600000, based on PE: false
                                                  Similarity
                                                  • API ID: Value
                                                  • String ID:
                                                  • API String ID: 3702945584-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 056014BE
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.922163653.0000000005600000.00000040.00000001.sdmp, Offset: 05600000, based on PE: false
                                                  Similarity
                                                  • API ID: LookupPrivilegeValue
                                                  • String ID:
                                                  • API String ID: 3899507212-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • WriteFile.KERNELBASE(?,00000E2C,F27C5854,00000000,00000000,00000000,00000000), ref: 05600A51
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.922163653.0000000005600000.00000040.00000001.sdmp, Offset: 05600000, based on PE: false
                                                  Similarity
                                                  • API ID: FileWrite
                                                  • String ID:
                                                  • API String ID: 3934441357-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • RegQueryValueExA.KERNELBASE(?,00000E2C), ref: 0560045E
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.922163653.0000000005600000.00000040.00000001.sdmp, Offset: 05600000, based on PE: false
                                                  Similarity
                                                  • API ID: QueryValue
                                                  • String ID:
                                                  • API String ID: 3660427363-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • CreateMutexW.KERNELBASE(?,?), ref: 0560019D
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.922163653.0000000005600000.00000040.00000001.sdmp, Offset: 05600000, based on PE: false
                                                  Similarity
                                                  • API ID: CreateMutex
                                                  • String ID:
                                                  • API String ID: 1964310414-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • CreateDirectoryW.KERNELBASE(?,?), ref: 0560079F
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.922163653.0000000005600000.00000040.00000001.sdmp, Offset: 05600000, based on PE: false
                                                  Similarity
                                                  • API ID: CreateDirectory
                                                  • String ID:
                                                  • API String ID: 4241100979-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • DeleteFileA.KERNELBASE(?,00000E2C), ref: 0560134B
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.922163653.0000000005600000.00000040.00000001.sdmp, Offset: 05600000, based on PE: false
                                                  Similarity
                                                  • API ID: DeleteFile
                                                  • String ID:
                                                  • API String ID: 4033686569-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • OpenFileMappingW.KERNELBASE(?,?), ref: 05602445
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.922163653.0000000005600000.00000040.00000001.sdmp, Offset: 05600000, based on PE: false
                                                  Similarity
                                                  • API ID: FileMappingOpen
                                                  • String ID:
                                                  • API String ID: 1680863896-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • FindCloseChangeNotification.KERNELBASE(?), ref: 056016F8
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.922163653.0000000005600000.00000040.00000001.sdmp, Offset: 05600000, based on PE: false
                                                  Similarity
                                                  • API ID: ChangeCloseFindNotification
                                                  • String ID:
                                                  • API String ID: 2591292051-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • WSASocketW.WS2_32(?,?,?,?,?), ref: 05601F56
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.922163653.0000000005600000.00000040.00000001.sdmp, Offset: 05600000, based on PE: false
                                                  Similarity
                                                  • API ID: Socket
                                                  • String ID:
                                                  • API String ID: 38366605-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • WSASend.WS2_32(?,00000E2C,F27C5854,00000000,00000000,00000000,00000000), ref: 05602F5E
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.922163653.0000000005600000.00000040.00000001.sdmp, Offset: 05600000, based on PE: false
                                                  Similarity
                                                  • API ID: Send
                                                  • String ID:
                                                  • API String ID: 121738739-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.922163653.0000000005600000.00000040.00000001.sdmp, Offset: 05600000, based on PE: false
                                                  Similarity
                                                  • API ID: FileView
                                                  • String ID:
                                                  • API String ID: 3314676101-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • RegQueryValueExW.KERNELBASE(?,00000E2C,F27C5854,00000000,00000000,00000000,00000000), ref: 0560055C
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.922163653.0000000005600000.00000040.00000001.sdmp, Offset: 05600000, based on PE: false
                                                  Similarity
                                                  • API ID: QueryValue
                                                  • String ID:
                                                  • API String ID: 3660427363-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • RegSetValueExW.KERNELBASE(?,00000E2C,F27C5854,00000000,00000000,00000000,00000000), ref: 05600E10
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.922163653.0000000005600000.00000040.00000001.sdmp, Offset: 05600000, based on PE: false
                                                  Similarity
                                                  • API ID: Value
                                                  • String ID:
                                                  • API String ID: 3702945584-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • setsockopt.WS2_32(?,00000E2C,F27C5854,00000000,00000000,00000000,00000000), ref: 05602D65
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.922163653.0000000005600000.00000040.00000001.sdmp, Offset: 05600000, based on PE: false
                                                  Similarity
                                                  • API ID: setsockopt
                                                  • String ID:
                                                  • API String ID: 3981526788-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • CopyFileW.KERNELBASE(?,?,?), ref: 05600D1E
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.922163653.0000000005600000.00000040.00000001.sdmp, Offset: 05600000, based on PE: false
                                                  Similarity
                                                  • API ID: CopyFile
                                                  • String ID:
                                                  • API String ID: 1304948518-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • SetKernelObjectSecurity.KERNELBASE(?,?,?), ref: 05601402
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.922163653.0000000005600000.00000040.00000001.sdmp, Offset: 05600000, based on PE: false
                                                  Similarity
                                                  • API ID: KernelObjectSecurity
                                                  • String ID:
                                                  • API String ID: 3015937269-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • GetExitCodeProcess.KERNELBASE(?,00000E2C,F27C5854,00000000,00000000,00000000,00000000), ref: 0560125C
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.922163653.0000000005600000.00000040.00000001.sdmp, Offset: 05600000, based on PE: false
                                                  Similarity
                                                  • API ID: CodeExitProcess
                                                  • String ID:
                                                  • API String ID: 3861947596-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • K32EnumProcesses.KERNEL32(?,?,?,F27C5854,00000000,?,?,?,?,?,?,?,?,72203C38), ref: 056019B2
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.922163653.0000000005600000.00000040.00000001.sdmp, Offset: 05600000, based on PE: false
                                                  Similarity
                                                  • API ID: EnumProcesses
                                                  • String ID:
                                                  • API String ID: 84517404-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • DeleteFileA.KERNELBASE(?,00000E2C), ref: 0560134B
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.922163653.0000000005600000.00000040.00000001.sdmp, Offset: 05600000, based on PE: false
                                                  Similarity
                                                  • API ID: DeleteFile
                                                  • String ID:
                                                  • API String ID: 4033686569-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • WriteFile.KERNELBASE(?,00000E2C,F27C5854,00000000,00000000,00000000,00000000), ref: 05600A51
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.922163653.0000000005600000.00000040.00000001.sdmp, Offset: 05600000, based on PE: false
                                                  Similarity
                                                  • API ID: FileWrite
                                                  • String ID:
                                                  • API String ID: 3934441357-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • RegOpenKeyExA.KERNELBASE(?,00000E2C), ref: 05600353
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.922163653.0000000005600000.00000040.00000001.sdmp, Offset: 05600000, based on PE: false
                                                  Similarity
                                                  • API ID: Open
                                                  • String ID:
                                                  • API String ID: 71445658-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • GetSystemInfo.KERNELBASE(?), ref: 0560184C
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.922163653.0000000005600000.00000040.00000001.sdmp, Offset: 05600000, based on PE: false
                                                  Similarity
                                                  • API ID: InfoSystem
                                                  • String ID:
                                                  • API String ID: 31276548-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 056014BE
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.922163653.0000000005600000.00000040.00000001.sdmp, Offset: 05600000, based on PE: false
                                                  Similarity
                                                  • API ID: LookupPrivilegeValue
                                                  • String ID:
                                                  • API String ID: 3899507212-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • CopyFileW.KERNELBASE(?,?,?), ref: 05600D1E
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.922163653.0000000005600000.00000040.00000001.sdmp, Offset: 05600000, based on PE: false
                                                  Similarity
                                                  • API ID: CopyFile
                                                  • String ID:
                                                  • API String ID: 1304948518-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • CreateDirectoryW.KERNELBASE(?,?), ref: 0560079F
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.922163653.0000000005600000.00000040.00000001.sdmp, Offset: 05600000, based on PE: false
                                                  Similarity
                                                  • API ID: CreateDirectory
                                                  • String ID:
                                                  • API String ID: 4241100979-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • GetFileType.KERNELBASE(?,00000E2C,F27C5854,00000000,00000000,00000000,00000000), ref: 05600985
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.922163653.0000000005600000.00000040.00000001.sdmp, Offset: 05600000, based on PE: false
                                                  Similarity
                                                  • API ID: FileType
                                                  • String ID:
                                                  • API String ID: 3081899298-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • K32EnumProcesses.KERNEL32(?,?,?,F27C5854,00000000,?,?,?,?,?,?,?,?,72203C38), ref: 056019B2
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.922163653.0000000005600000.00000040.00000001.sdmp, Offset: 05600000, based on PE: false
                                                  Similarity
                                                  • API ID: EnumProcesses
                                                  • String ID:
                                                  • API String ID: 84517404-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • FormatMessageW.KERNELBASE(?,00000E2C,?,?), ref: 05603156
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.922163653.0000000005600000.00000040.00000001.sdmp, Offset: 05600000, based on PE: false
                                                  Similarity
                                                  • API ID: FormatMessage
                                                  • String ID:
                                                  • API String ID: 1306739567-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • GetTempFileNameW.KERNELBASE(?,00000E2C,?,?), ref: 05600F1A
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.922163653.0000000005600000.00000040.00000001.sdmp, Offset: 05600000, based on PE: false
                                                  Similarity
                                                  • API ID: FileNameTemp
                                                  • String ID:
                                                  • API String ID: 745986568-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • SetKernelObjectSecurity.KERNELBASE(?,?,?), ref: 05601402
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.922163653.0000000005600000.00000040.00000001.sdmp, Offset: 05600000, based on PE: false
                                                  Similarity
                                                  • API ID: KernelObjectSecurity
                                                  • String ID:
                                                  • API String ID: 3015937269-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • FindCloseChangeNotification.KERNELBASE(?), ref: 05600264
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.922163653.0000000005600000.00000040.00000001.sdmp, Offset: 05600000, based on PE: false
                                                  Similarity
                                                  • API ID: ChangeCloseFindNotification
                                                  • String ID:
                                                  • API String ID: 2591292051-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • RegQueryValueExW.KERNELBASE(?,00000E2C,?,?), ref: 05601C4E
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.922163653.0000000005600000.00000040.00000001.sdmp, Offset: 05600000, based on PE: false
                                                  Similarity
                                                  • API ID: QueryValue
                                                  • String ID:
                                                  • API String ID: 3660427363-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • FindCloseChangeNotification.KERNELBASE(?), ref: 056016F8
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.922163653.0000000005600000.00000040.00000001.sdmp, Offset: 05600000, based on PE: false
                                                  Similarity
                                                  • API ID: ChangeCloseFindNotification
                                                  • String ID:
                                                  • API String ID: 2591292051-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.923006563.0000000006B30000.00000040.00000001.sdmp, Offset: 06B30000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID: MOC
                                                  • API String ID: 0-624257665
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID: :@fq
                                                  • API String ID: 0-3673016210
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID: r*+
                                                  • API String ID: 0-3221063712
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID: r*+
                                                  • API String ID: 0-3221063712
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID: d@q
                                                  • API String ID: 0-1277414842
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID: d@q
                                                  • API String ID: 0-1277414842
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  • Opcode Fuzzy Hash: 41a17136bb42f81308cb5075e7909da4869499899a06fdcec4a106e112331493
                                                  • Instruction Fuzzy Hash: 6B41C472B04125AFDB85EB68D880D9ABBB6FF44310B5580E6E50A9F262D730EC04CBD1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ff877de94eefbb0776129d24c09381fe4092521f66868f50a717a4526e1cccb8
                                                  • Instruction ID: 57c1ac79951be82f46f25056720fc19124112f81a2f75dad4dc8063f5da7662c
                                                  • Opcode Fuzzy Hash: ff877de94eefbb0776129d24c09381fe4092521f66868f50a717a4526e1cccb8
                                                  • Instruction Fuzzy Hash: AB4137316003058BD734AB39E81D66E3BABFB8474AF158569F502CE2E8DF758D058BD1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 7a3573460961ebd3ee8b40ec8af7f11b815fb33fd513ff4ca8de3f0681489683
                                                  • Instruction ID: 78704b0f51f87d38ce446633e02a7cccf7236718598418fbd083620c6708a8b2
                                                  • Opcode Fuzzy Hash: 7a3573460961ebd3ee8b40ec8af7f11b815fb33fd513ff4ca8de3f0681489683
                                                  • Instruction Fuzzy Hash: 2B415B357012408FCB499B6AA45016A7BE3FB8E30135840ADED06DB795DF369C05CB62
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 972fcb885bfd98e840a5b0a87f970353f3079dc5d0bb667da7af8195f00e54fd
                                                  • Instruction ID: e6291895f93958aa5d8af7b07d6e095bfbcb108bcea0b3325d27083173fd5dd7
                                                  • Opcode Fuzzy Hash: 972fcb885bfd98e840a5b0a87f970353f3079dc5d0bb667da7af8195f00e54fd
                                                  • Instruction Fuzzy Hash: 73416D35701240CFC709AB6AE45056A7BE7FB8D70135840ADED06DB795DF369C05CBA2
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ca2d1740251402ccb6b43d97ec7cf0ddbdebf31d7a77c262ab534dfb408eb400
                                                  • Instruction ID: ae03d75f63242d618b4b070af2e2143a8403e22962c177d72e5b1e44c84a3340
                                                  • Opcode Fuzzy Hash: ca2d1740251402ccb6b43d97ec7cf0ddbdebf31d7a77c262ab534dfb408eb400
                                                  • Instruction Fuzzy Hash: 91310571B047698FCB04DBA9D48456EBBF2FF89314B21842AE406D7740DB34EE01C790
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.923006563.0000000006B30000.00000040.00000001.sdmp, Offset: 06B30000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d7619db996687516292400aa881f55961327adbeed7bad838031ccd7a1f0e359
                                                  • Instruction ID: 870ea3d85dbfe44cc63b3347d7f79f1491322062e195002e32d5f010fdd7711d
                                                  • Opcode Fuzzy Hash: d7619db996687516292400aa881f55961327adbeed7bad838031ccd7a1f0e359
                                                  • Instruction Fuzzy Hash: 8C41E2B4E00218DFDB84CFA9C580ADDBBF6FB49314F2485AAE415EB214D731A946CF90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d0626b212e1197df89b585e718163a968aab6bea839099543f646e70e43615f2
                                                  • Instruction ID: 6b5f0410376bb19cd9dd90f5b9901302e22abfdab4be722d33e3f76ef03403b1
                                                  • Opcode Fuzzy Hash: d0626b212e1197df89b585e718163a968aab6bea839099543f646e70e43615f2
                                                  • Instruction Fuzzy Hash: E6414734A01309CFDB18CF68C494BAE7BB2EF88314F248469E502EB3A5DB31AD458B51
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 7465cfc241347bd4e106422abbcf084da1145e12f18e79064c0679570585ef8a
                                                  • Instruction ID: b6dc20f520bfed6e059f2e646861a96c2c3ab343a51367413daa9b1fa4a715e6
                                                  • Opcode Fuzzy Hash: 7465cfc241347bd4e106422abbcf084da1145e12f18e79064c0679570585ef8a
                                                  • Instruction Fuzzy Hash: D831E932904219DFCF12DF78D8444EDBBF2AF89310B0544A5E642EB160DF715E4ACB91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 32560c95eaa4824b035178c79d2bdf842ef395b6302645795745fddb25db9eca
                                                  • Instruction ID: 296821094404e06af168269133e1bfb19c1dfb4240931dfc3e6782155bf2b2b8
                                                  • Opcode Fuzzy Hash: 32560c95eaa4824b035178c79d2bdf842ef395b6302645795745fddb25db9eca
                                                  • Instruction Fuzzy Hash: B031C632900219DFCF15EF68D8448AE77F6BF89315B054465E603EB260DF71AE49CB91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8fbe123029928301d68d2e363c7793ece8f97e0a56493b8afadfd26876af8694
                                                  • Instruction ID: 520e685042738afaf1bc4c962f6d2581960a23f8fbce3ed9d15f5a5011543a61
                                                  • Opcode Fuzzy Hash: 8fbe123029928301d68d2e363c7793ece8f97e0a56493b8afadfd26876af8694
                                                  • Instruction Fuzzy Hash: 1A315A71A04208DFDB55DF68D484AAEFBF1BF88314F258169D44AEB251DB309E82CB90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.923006563.0000000006B30000.00000040.00000001.sdmp, Offset: 06B30000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 84fefeeb7dba5f15470167cbb0f1118416c086361e38ff29ec8517f0952701b5
                                                  • Instruction ID: 3acefd8e8e8338342fdad38725d5fecb2757130918d9067a0d8c64971047f945
                                                  • Opcode Fuzzy Hash: 84fefeeb7dba5f15470167cbb0f1118416c086361e38ff29ec8517f0952701b5
                                                  • Instruction Fuzzy Hash: 8B318D31B002258FCB49EF68D4909AEB7B3BF8431075485A9E80AEF345DB30ED45CBA1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 74d71b83f398baa343416e28ea66d2e305568aa68ec844a690e347b3f4450d07
                                                  • Instruction ID: 04c6031f63ba9abd5a8b3dfbdc17397aae741ad2c46aa5ef5404ca6f4e8b4487
                                                  • Opcode Fuzzy Hash: 74d71b83f398baa343416e28ea66d2e305568aa68ec844a690e347b3f4450d07
                                                  • Instruction Fuzzy Hash: 2941F270A04319CFDB24DF69D888B9DBBB2BF49348F1044AA940AAB354DB349E84CF51
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e82768ac31830311270d608a7b8a3e735ac7340b1d1688d251d0a6150c428ff5
                                                  • Instruction ID: 34e40a26da6fd0077080bf4ae74fa7da5e6b82647234bd54d6782a5adb875039
                                                  • Opcode Fuzzy Hash: e82768ac31830311270d608a7b8a3e735ac7340b1d1688d251d0a6150c428ff5
                                                  • Instruction Fuzzy Hash: B8315E34A0470ADFDB15DF68C88067E7BB3FB88304B21C5AAC656DB255D770AE41CB91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8d341c19b33929471121faa2744223ff6d79db30d3cdfc34884b976ac527f0f3
                                                  • Instruction ID: c084c5bb8836133f543972fc956d638fe1705fca5fa170c8e86b2ef1e93cdc67
                                                  • Opcode Fuzzy Hash: 8d341c19b33929471121faa2744223ff6d79db30d3cdfc34884b976ac527f0f3
                                                  • Instruction Fuzzy Hash: 3B31EE31500345CFDB21EF68E848DAD7BF2FF49308B0481A9E5069B2B9CB35AD56DB90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.923006563.0000000006B30000.00000040.00000001.sdmp, Offset: 06B30000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: fea8d63459f0c2dd9248fb89d7e92711dc299273cd199aac59f65cc3a9b67509
                                                  • Instruction ID: 2c09e1ca21ce6416fe9ad5fc439ba32405fa37b499e2644e0d6a0d826cfa9b92
                                                  • Opcode Fuzzy Hash: fea8d63459f0c2dd9248fb89d7e92711dc299273cd199aac59f65cc3a9b67509
                                                  • Instruction Fuzzy Hash: C53130B0F04229CFDB55DF68D49069DBBB1FF48300F2084A9D546EB255D6319986CF91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 861d7ef573a78b573fdc63827504c2156333d98fd7bd75e6e3b515c0cc9eb99e
                                                  • Instruction ID: 69c0a34830a952996e07eddf43efc6c62f641cf9902cfac30272f6cacebcff17
                                                  • Opcode Fuzzy Hash: 861d7ef573a78b573fdc63827504c2156333d98fd7bd75e6e3b515c0cc9eb99e
                                                  • Instruction Fuzzy Hash: AF313E31E0035A8FCB14DBBDD45459EB7F3AF88314B148569D81AEB394EB31AD46CB90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 5a00a14f9c12dfb82ba1931c675ae4ad5f9e8174f80fedfc8879f583b2d58f01
                                                  • Instruction ID: 587d1456be3d791ab1b4f3ac1c158c69b9956b19992c2dd7194cf5c634eac247
                                                  • Opcode Fuzzy Hash: 5a00a14f9c12dfb82ba1931c675ae4ad5f9e8174f80fedfc8879f583b2d58f01
                                                  • Instruction Fuzzy Hash: 08216571F0031EDFEB04DAA9E881AFFB7F9EB88308F144125D61AD3541EB705A058761
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.923006563.0000000006B30000.00000040.00000001.sdmp, Offset: 06B30000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2717bdabf16c25da88d3c973465613e03ad6e3c5726854c259cecb023b04688a
                                                  • Instruction ID: ec73e7de31b4a868badaf4397c8ab91719229a6408ba20887a87706a330921f2
                                                  • Opcode Fuzzy Hash: 2717bdabf16c25da88d3c973465613e03ad6e3c5726854c259cecb023b04688a
                                                  • Instruction Fuzzy Hash: E841FBB0A15B60CFE379EB2AC544766B7E2AF84305F14C8AEC59A86A90CB75B441CB40
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d11a29b4587ad531fd6684d1455f82f16ec414d643046af6fdb18ef2df6d9d53
                                                  • Instruction ID: 551b6ec817fdbdff581264a938412ea35558da44bc959bd52f650842ba378d0e
                                                  • Opcode Fuzzy Hash: d11a29b4587ad531fd6684d1455f82f16ec414d643046af6fdb18ef2df6d9d53
                                                  • Instruction Fuzzy Hash: 35316B30B05308CFCB64DF7984846AEBBF2BF88704B60442DE546EB791DA35E946CB90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e7be48c743f9a90abc539b7d57e0f52881b3397140a3a752e951185f37de5dd7
                                                  • Instruction ID: d18ee569d57520dba6b42c07bd2bf322c5e9cb1e72bed07d9e6da9142dec6c5b
                                                  • Opcode Fuzzy Hash: e7be48c743f9a90abc539b7d57e0f52881b3397140a3a752e951185f37de5dd7
                                                  • Instruction Fuzzy Hash: 70313970609386DFCB129B74C8585993BF1FF42328B05459ED081CF1A6EB799D49DB22
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 58b96435b345e1fbc8d30f0bc17d698bff2d8f78c1d79df50b5496c35eec83d4
                                                  • Instruction ID: 6bc05db344c8a07a9d2ffd335eec5f6c7bb010eef8043dc542900373793df252
                                                  • Opcode Fuzzy Hash: 58b96435b345e1fbc8d30f0bc17d698bff2d8f78c1d79df50b5496c35eec83d4
                                                  • Instruction Fuzzy Hash: 9D21EF30B00308DFDB149B78E1557EDBBF6AB88714F14006AE602EB390DEB14E458B81
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f7a5327a5ba5c2b038ddfc38543996fc84cce157e1cd608fe410d1beac1d141e
                                                  • Instruction ID: 75e05bb055162c9162d9f24b1a419b8acbafdeb51d8210548f37eb9cc485e7a8
                                                  • Opcode Fuzzy Hash: f7a5327a5ba5c2b038ddfc38543996fc84cce157e1cd608fe410d1beac1d141e
                                                  • Instruction Fuzzy Hash: CC3158312007068FC769AB38C45466E77A3BFD96087A48A2CD0469F798DE76E8068B90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a1ccf3a5e6d074cab885aae1ce77052b19181a93463475c4128232fdecf359c5
                                                  • Instruction ID: 572c0a55671f5c93783ab0ab6c03d5522961590d98cac4293609ea9f852d8a7e
                                                  • Opcode Fuzzy Hash: a1ccf3a5e6d074cab885aae1ce77052b19181a93463475c4128232fdecf359c5
                                                  • Instruction Fuzzy Hash: AF21A031B043099FCB589A7984506BEBBF2AF99310B15847EC407EB391EE348E018BA1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: cc625bc2388dc41e26f0bcb5ed3cbe1ca56691fee8184e96532ef4f90be018d8
                                                  • Instruction ID: 4f8abf65913c864bc25b29db4c48a68bcd23a33840c7259607f102b19bb66175
                                                  • Opcode Fuzzy Hash: cc625bc2388dc41e26f0bcb5ed3cbe1ca56691fee8184e96532ef4f90be018d8
                                                  • Instruction Fuzzy Hash: 892149322443048BCB109B7DE8A95AA77A7EFCA374701446AE509C7315EE35CE078791
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b8629b60b0cc2fad8616f4fd7f2fec8eebfd51b9fe5880e473efb4221e1c5042
                                                  • API String ID:
                                                  • Opcode ID: d6f65c37c966bccebb9bb61ede07ad2e2604d5c8d65dc107bbb569a113db20af
                                                  • Instruction ID: 5d3a9345339e855f10ff9560669910612d48ef2414b93c9a76da6f5d0446f2b8
                                                  • Opcode Fuzzy Hash: d6f65c37c966bccebb9bb61ede07ad2e2604d5c8d65dc107bbb569a113db20af
                                                  • Instruction Fuzzy Hash: 1B118475905208DFCBA4CF68C9419FEFBF4EF48314B11806AD44AEB201D7359B02CBA0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b45add0f36d1695b0e30874edf7b1548e60f7fce8ec805dd7a97cccfce640aad
                                                  • Instruction ID: bf817a9a4cb064659d90d9e5ad8adf32c8d60155782c5664a69c9ca318e8ad4c
                                                  • Opcode Fuzzy Hash: b45add0f36d1695b0e30874edf7b1548e60f7fce8ec805dd7a97cccfce640aad
                                                  • Instruction Fuzzy Hash: AB01AD32E042198BDF14DA5D94002EFB7B69FC5321F54407ABE06EBA90DA729A0587D1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b36888c35583ce10aae523f8c2da240d89fec007fa2cad59bb48e4fdf8290a4f
                                                  • Instruction ID: 7c6a2b03d50784a2e77b055282a07b2c0b76b8baaa2d7f12ad5bfa0049ded4b3
                                                  • Opcode Fuzzy Hash: b36888c35583ce10aae523f8c2da240d89fec007fa2cad59bb48e4fdf8290a4f
                                                  • Instruction Fuzzy Hash: 65115E71B002159BC758AB6DD850A6EBBEBEFD87147148069E40ADB394CF31ED02C795
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 50819c7087adc2e52462447869d7c71036c1a104edf9e7e98ff4c1a1075c85b1
                                                  • Instruction ID: 874cb1961c27d6a985a7117f500b639a48835a56ec1f34c5a57f0a58c20c7c77
                                                  • Opcode Fuzzy Hash: 50819c7087adc2e52462447869d7c71036c1a104edf9e7e98ff4c1a1075c85b1
                                                  • Instruction Fuzzy Hash: 0011C431F9C36EEACB205D79881477E63959B4478DF10856AB853EB280DA70CB00C791
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d96287a09723585c07ccd41bc791bea1663099e7c4294cc4458b1f0039464d9a
                                                  • Instruction ID: 03ec6e413eeba85da6aa9531b041ddd6bd74487e57b52a824b4ae96ab570ada5
                                                  • Opcode Fuzzy Hash: d96287a09723585c07ccd41bc791bea1663099e7c4294cc4458b1f0039464d9a
                                                  • Instruction Fuzzy Hash: A2118E30A08349DFDB149B64C4647AEBBF2AB88318F14046ED207E7380CA755E46DB91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: dd4ba316e0a9ba87572b1b87d7cf7e19fa479661456a18e3d41e65da8a9a5b72
                                                  • Instruction ID: 9280eca12776922d80d428fdf1bba6d2ffcc6c5c36c828d2ec9b7dd27d132f64
                                                  • Opcode Fuzzy Hash: dd4ba316e0a9ba87572b1b87d7cf7e19fa479661456a18e3d41e65da8a9a5b72
                                                  • Instruction Fuzzy Hash: 40113D30A50309CFE754DF74D6456AE7BB2FB48754F20816AD505E7264DB35AE01CB90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 9fc5a7b8593cec1a40a70737315dc381b7fe8bb1ff4bc0d1d9eface8f27f5ab9
                                                  • Instruction ID: 7a4d12d38af807712b879b871e926def00a8060cf323eb8eb521eceac562edbc
                                                  • Opcode Fuzzy Hash: 9fc5a7b8593cec1a40a70737315dc381b7fe8bb1ff4bc0d1d9eface8f27f5ab9
                                                  • Instruction Fuzzy Hash: 63118C302083048BC714AB2DD15867EBFE39BC2709754896EE04BCB284DF72EE42C796
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 3e71527b8fae76551516095fb1e6547aa07348aff3caac1cea0bb1ed69ad4562
                                                  • Instruction ID: 6520eb0305e43a911223fcd1dea81926552b3c294fc77512e3f3d0617ceb326c
                                                  • Opcode Fuzzy Hash: 3e71527b8fae76551516095fb1e6547aa07348aff3caac1cea0bb1ed69ad4562
                                                  • Instruction Fuzzy Hash: CB11C431508285AFCB529B7C98105E9BFF5EF46310B14C0EBE1C5C7152E6304A17DB91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917558875.00000000030C0000.00000040.00000040.sdmp, Offset: 030C0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d405b273d9164665d2c4b4454dc72c3d476d08eac87339d0a73197384d6f40aa
                                                  • Instruction ID: eb18ecf402d34cc9d4a197eda41eb1a8453ca15c7686ac173ae38ac8404b35ff
                                                  • Opcode Fuzzy Hash: d405b273d9164665d2c4b4454dc72c3d476d08eac87339d0a73197384d6f40aa
                                                  • Instruction Fuzzy Hash: 7C213B3514E3C49FD707CB64C850B55BFB1AF47208F1D85DED4848B6A3C23A8816DB52
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917558875.00000000030C0000.00000040.00000040.sdmp, Offset: 030C0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b1059087e07da84f7ca793feff67f986a87745862f11072ffe49d97b6a301d9b
                                                  • Instruction ID: 28817fc426101ff4adbaabd9b3085cb1f05f647ac8f03a0eac478285bc7fd4af
                                                  • Opcode Fuzzy Hash: b1059087e07da84f7ca793feff67f986a87745862f11072ffe49d97b6a301d9b
                                                  • Instruction Fuzzy Hash: 6511B134215384DFD755CB14D940B2EFBD5EB88718F28C9ACE9890B692C77BD813CA91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.923006563.0000000006B30000.00000040.00000001.sdmp, Offset: 06B30000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 85213b2ff0875815d8bef822f8aadcd0acb9e19a422cb296305d35bb5e16a875
                                                  • Instruction ID: b1f2002dc3167d81988dd7765809a4de312c8a08eb10c2bf401f577826a084f1
                                                  • Opcode Fuzzy Hash: 85213b2ff0875815d8bef822f8aadcd0acb9e19a422cb296305d35bb5e16a875
                                                  • Instruction Fuzzy Hash: E811E376904128EFCF069F80D848CA9BFB2FF49311B068495F2166B032CB36D565EB91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ad2ec50df9e78bce62f2809fc319637002166454ed842081db6b732af6bc9a36
                                                  • Instruction ID: 45e5961e452afe8d9d221e352904d69570b5610b729df74548b46ca27532ec9a
                                                  • Opcode Fuzzy Hash: ad2ec50df9e78bce62f2809fc319637002166454ed842081db6b732af6bc9a36
                                                  • Instruction Fuzzy Hash: 5E012672B003559FCB242B7998142AF7BEAFF8A72472444BED046DB391CD358C028360
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: cae36320c05102b27f6cc60e6efa5c915477c58359976cf17c4f6fc6de8cde58
                                                  • Instruction ID: 5967eaa94bbe3239151f43159ce27e5d7fa9287cbe260f4f2e199d3ff9ca2284
                                                  • Opcode Fuzzy Hash: cae36320c05102b27f6cc60e6efa5c915477c58359976cf17c4f6fc6de8cde58
                                                  • Instruction Fuzzy Hash: 2B11AC727042619FE345AB3CE419B393BE7E7C9721F0504A8E502DB391CE749C45CB94
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 57964ab5f5e2f0d73036a822505f0daf2f753011c3747264180349b0e593d2f0
                                                  • Instruction ID: 1eba499aea31b11aa736434a284410e92b890210c6275cd18f2c4de01549bf24
                                                  • Opcode Fuzzy Hash: 57964ab5f5e2f0d73036a822505f0daf2f753011c3747264180349b0e593d2f0
                                                  • Instruction Fuzzy Hash: A5119171904208DFDB11CFA8D4446D9BBF1EF8A314F1480AAE601E72A5D7756E49CB51
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8442f6a83fcd22e014c17a9899287c9b8fce87fb450959af255de71f5537b34e
                                                  • Instruction ID: 1cd2c7145f42ab53938b9b529b0908ce880ec163b4b7aaf96504ac7dbc809def
                                                  • Opcode Fuzzy Hash: 8442f6a83fcd22e014c17a9899287c9b8fce87fb450959af255de71f5537b34e
                                                  • Instruction Fuzzy Hash: DD01A135E043098FC750EB7898417FE7BF5EB84250B448127CA05D7240EB205E05DBD2
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ad95346ef8fa6b723c665c4f9a3318066ebab654554387d4fe9d1794512f7474
                                                  • Instruction ID: f8e57e627c9b48ccfad6b5bbb44ff76a704e9d3036c6514173931e4152c350ac
                                                  • Opcode Fuzzy Hash: ad95346ef8fa6b723c665c4f9a3318066ebab654554387d4fe9d1794512f7474
                                                  • Instruction Fuzzy Hash: 0F114C34A213058FDB54EFB8EA45AAE7BF6EB8C314F50852AD606D7264DB345E01CB80
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 7c9a85f6d14b1ba4738caa39c0c99f5fd7c54efdedb36bc97fef8dbb3a04d20f
                                                  • Instruction ID: 679f95e03bc1fe2eaec7187f074f7f80b0ccbf0ee8c1405a41e32b523a74470f
                                                  • Opcode Fuzzy Hash: 7c9a85f6d14b1ba4738caa39c0c99f5fd7c54efdedb36bc97fef8dbb3a04d20f
                                                  • Instruction Fuzzy Hash: 50012D31E002098FCB94EFB895552EE7BF2EB99350F20843EC50AE7250EA355A069B91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 094ad6a3903dc3c59fbc4d26f18457bcbb15f61c86c808747c8c8c6d0887bd47
                                                  • Instruction ID: c2c29f89048598f61ec0a2303b622a6ffa8a9828c8e4a230a5dc68129aa93079
                                                  • Opcode Fuzzy Hash: 094ad6a3903dc3c59fbc4d26f18457bcbb15f61c86c808747c8c8c6d0887bd47
                                                  • Instruction Fuzzy Hash: BA01F9323043540FC749663DA4112BF679B9FCA65C718846FF006DB394CD689C0B53D6
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 7e8baaed0659eda49277ed231a4a33a1e3814e8b1725395a9b0efd444caa87dc
                                                  • Instruction ID: 51324259f6202937957b0e4a0e1a921ae97376acb52fcc820d2bbacf62d350a3
                                                  • Opcode Fuzzy Hash: 7e8baaed0659eda49277ed231a4a33a1e3814e8b1725395a9b0efd444caa87dc
                                                  • Instruction Fuzzy Hash: CE012431E043058BCB188A2C84102BFBBF69FC6320F5481BEA906D7B90DE359E05CB91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f5bd596d5147e3b2a9a6a174362d3bb5fa7f84e6ac0a18353bba813c4de7403f
                                                  • Instruction ID: 5a043474203df03f4887bcee419cbb05a042f64b8bef8559a5ad955604dc079d
                                                  • Opcode Fuzzy Hash: f5bd596d5147e3b2a9a6a174362d3bb5fa7f84e6ac0a18353bba813c4de7403f
                                                  • Instruction Fuzzy Hash: 3C01D634A04748ABCB2C8B64C590BBFBFB29B86304F25046ED462E7340DB745E02C7A0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: dea48726d54a7ef0b1ea36da35fad7c9b4bbf1d199c832cc17189ddc9b2a5466
                                                  • Instruction ID: 0e1d67b56ebe04890e1e579165d3797d294a04a9897443897ae2c477cda3b0ec
                                                  • Opcode Fuzzy Hash: dea48726d54a7ef0b1ea36da35fad7c9b4bbf1d199c832cc17189ddc9b2a5466
                                                  • Instruction Fuzzy Hash: E10147342083944FC7222A7D10142A93FFA2F46335B0E40EFC045CB263D9605D89D7A3
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d40cffcadc1984d7320b0f3011d685451cde6dbcf1061c93d0bf4f7abd8552f7
                                                  • Instruction ID: 34cbc8422800f78a066e181a92ea62e5af61f4b80aca5aefa8feeabbb04ef34a
                                                  • Opcode Fuzzy Hash: d40cffcadc1984d7320b0f3011d685451cde6dbcf1061c93d0bf4f7abd8552f7
                                                  • Instruction Fuzzy Hash: 83113670D04319CFCB288FA8C681AAEBBB2FB48318F10416AD502E6254DB715A42CF50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 748e7ba8f3ec0ffb80d5261f615825c7a580f66e3385d6dfce1b47ce8ab26923
                                                  • Instruction ID: 416f8c9b9f929a18b8d4d58af761a62f7fda53cd09b22fc79ad9f62d1640c02d
                                                  • Opcode Fuzzy Hash: 748e7ba8f3ec0ffb80d5261f615825c7a580f66e3385d6dfce1b47ce8ab26923
                                                  • Instruction Fuzzy Hash: 6F01B131A043088BDB249B58C991BBFBBF1AB84B1CF10446EC506E7640CB71AE028BD1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 1429bda0ba32da4916bcdec9822d1c711fd64f34b3b756911c797f456c0438c3
                                                  • Instruction ID: 00cb699c8d777efede4cd3a4bf67e7be4a20ce8bb6fd9c89c732755b3c5da4ff
                                                  • Opcode Fuzzy Hash: 1429bda0ba32da4916bcdec9822d1c711fd64f34b3b756911c797f456c0438c3
                                                  • Instruction Fuzzy Hash: 1E019E35208359CBC71A9F38E4555A87B63FB8630D71486BFE505CA294DF359D46C780
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 3aa23943ee1171ff019a310ad79f46e30bdfa88c492d961619c7e8c7c719e82a
                                                  • Instruction ID: 8b107f58d506a6ba13f9cb61473e71eb9bb7f3db16d1efb6a6159d9546b388ed
                                                  • Opcode Fuzzy Hash: 3aa23943ee1171ff019a310ad79f46e30bdfa88c492d961619c7e8c7c719e82a
                                                  • Instruction Fuzzy Hash: EDF02730D1935C9FD7509AB4451466F7FF65F82304F02455BB803DB345C9748E058792
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 7289e2ed88b598942d336e402ba982efb99cecb9adb11a98f03b4912059bcc8e
                                                  • Instruction ID: b16f9e91717cd4ff19e476400ed3d387c34f6df5791462d6fc6f24b1a55b4b5a
                                                  • Opcode Fuzzy Hash: 7289e2ed88b598942d336e402ba982efb99cecb9adb11a98f03b4912059bcc8e
                                                  • Instruction Fuzzy Hash: 20F0E23010E389CED3969B3880601B67FB1AE0230D348899FCBE3CA615D620AA03A752
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d7348343d7a0659134da002a68f6093ab02233f365ed303e16744ffab5ff1f9a
                                                  • Instruction ID: 66d7d2558a2cd2e4aa9c4b224f43f0a7d4c2dd921a4b60c1a045a6a5efff48cf
                                                  • Opcode Fuzzy Hash: d7348343d7a0659134da002a68f6093ab02233f365ed303e16744ffab5ff1f9a
                                                  • Instruction Fuzzy Hash: 42E02B32F2531CABDB1059F999041AFBBE99785764F014577BD07D7304DD70CA0542D2
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 0e5b47b42a760325f40aab1a76aa3a07b42abcd399f6c1ce6ec3462151f97d22
                                                  • Instruction ID: 4f8f50ceefdb1a7d3efe6703a19ef9dd2520d535ff270eda413b04bff511cfa1
                                                  • Opcode Fuzzy Hash: 0e5b47b42a760325f40aab1a76aa3a07b42abcd399f6c1ce6ec3462151f97d22
                                                  • Instruction Fuzzy Hash: 5FF0E5727053A15BC35A627D682162F2BAB9BC472135981AFE446DB381CE255D0283EA
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 05d015565b1c752433aa5fd5e3c5f2ae0f9cd6ef50878e9f08e65ec4d0971944
                                                  • Instruction ID: f8827e81186652a78a4f09d002635fad0f02f02e9e2c9f6582a0f07b45c804db
                                                  • Opcode Fuzzy Hash: 05d015565b1c752433aa5fd5e3c5f2ae0f9cd6ef50878e9f08e65ec4d0971944
                                                  • Instruction Fuzzy Hash: EBF03771E002199F8B80EFBD584569FBBFAEBC8720B11417AD509F3350EB349A018BE5
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8dec2e9b15a71e696c3280db47ee09939f7b1782db3bdfb3898993c2886f2e5c
                                                  • Instruction ID: d15d255a89b846978137f7725685c00c491402437ac7a029a42b4e4c3127e64c
                                                  • Opcode Fuzzy Hash: 8dec2e9b15a71e696c3280db47ee09939f7b1782db3bdfb3898993c2886f2e5c
                                                  • Instruction Fuzzy Hash: CBF0E5352087914FD322AB6885754BA7BB5DF8235439944AFD4C9CF342FE31CD068791
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 7ff8db0efa5ddbcbdc84650afea045862c901c9f007d3d81ea36684f922fa38a
                                                  • Instruction ID: 87991b90f0a25b4e2174fe66ba7aef353d6db0b6e63299e7657131e6a67e2607
                                                  • Opcode Fuzzy Hash: 7ff8db0efa5ddbcbdc84650afea045862c901c9f007d3d81ea36684f922fa38a
                                                  • Instruction Fuzzy Hash: 20F0273060478B8FCB216B78850816A3FF55F9232471D40FFC496CB263D921890AD751
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 232c6dfdd70f03661e626aa1bcae3cd6cd8848df087b8ecaed28f3e35fd59ea9
                                                  • Instruction ID: 33ef2e0e84f280e36037e55d33eb7d1120a967f72debb49298f5b9ac5d3698f2
                                                  • Opcode Fuzzy Hash: 232c6dfdd70f03661e626aa1bcae3cd6cd8848df087b8ecaed28f3e35fd59ea9
                                                  • Instruction Fuzzy Hash: CAF08CB1B0420CCFDB01DF98E4842ACB7B2FB94354B204256D909DB254CF349E45CB82
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 0c9a186ce4f4b7d76ebf10a91a3ec2de72acb213892c14b6d2a206c34df1f0cd
                                                  • Instruction ID: 6d7c0e5a258c6a66903e3b41e673afec13856586fef74753f3085f608fdb245a
                                                  • Opcode Fuzzy Hash: 0c9a186ce4f4b7d76ebf10a91a3ec2de72acb213892c14b6d2a206c34df1f0cd
                                                  • Instruction Fuzzy Hash: 23F01771E0030D8FCBA0DFB899466EEBFF4EB48314F10407AD509E2210E6355A159BA0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 748e283e9cd425e8751554da98a09922f0bfe1651d6fd293ac1ba04baec390b8
                                                  • Instruction ID: 55403d0d08ac03b94ab4840ee5aaf18ecaf302246d5b2378315609be7e8c0867
                                                  • Opcode Fuzzy Hash: 748e283e9cd425e8751554da98a09922f0bfe1651d6fd293ac1ba04baec390b8
                                                  • Instruction Fuzzy Hash: C5F0E2B2A08B408FC3219F6EA4410A2FFF5EEE522230989ABD1D5C2504DB3085068790
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 1f1de73b25e9519b14f8397ab8abb122d948884082333a4691b372f5d1e88144
                                                  • Instruction ID: c984023326ddf6d3bda5bd72b13dd6d5b02db771f1a335c6e443eb8d3e1f9a6a
                                                  • Opcode Fuzzy Hash: 1f1de73b25e9519b14f8397ab8abb122d948884082333a4691b372f5d1e88144
                                                  • Instruction Fuzzy Hash: 8FF0EC352153814FC3269B6885659AA7FE5DFC2314354446FC0CADF241EA319D0787A0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: dcc9f789ae7e50895502db00698306dd8eb6c75cd042f3e9bf9c9dcbd56e57d1
                                                  • Instruction ID: d672f34d442073b1b0218468d70b9b45905935bc229077f13944477ff9390cb9
                                                  • Opcode Fuzzy Hash: dcc9f789ae7e50895502db00698306dd8eb6c75cd042f3e9bf9c9dcbd56e57d1
                                                  • Instruction Fuzzy Hash: 4EF0E53170435A9FC7255A39541066EB7FA6BC6324F15447BE105CB392DD654C0383A0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: abb0cb4b92e11b0d2d25ee8f67db875a3b301b55260d1b1b510eba5fdacd582a
                                                  • Instruction ID: 8e63c9f5cdb665d04b77b74457c28c146b9a49ddae961dc14be69e8934944cd9
                                                  • Opcode Fuzzy Hash: abb0cb4b92e11b0d2d25ee8f67db875a3b301b55260d1b1b510eba5fdacd582a
                                                  • Instruction Fuzzy Hash: 12F0E5302043A54FC72226BD10183993FE61F8A620B1E40DFC195DB263DD655D59C3B3
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8efc97aa0e8f631a679857c7a3bb361cb0f8b3e9a8c7b21770b6876e87b0f2a3
                                                  • Instruction ID: a6429753ea845ee755def983165b2bf5e18d077b0c115463c648811698bf6c50
                                                  • Opcode Fuzzy Hash: 8efc97aa0e8f631a679857c7a3bb361cb0f8b3e9a8c7b21770b6876e87b0f2a3
                                                  • Instruction Fuzzy Hash: ABE022322083988FC75242A8A9043BE27E59BC7724F1B40BFD116CBA62D8394D028310
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8f36132c8478747553eeaffdefcb86d5b3be69927a89e27e20b6c711d025b271
                                                  • Instruction ID: 8ba407d648d9ce63aa1ca18877a738493350d6a0e6921ca8b94d59659d1d9602
                                                  • Opcode Fuzzy Hash: 8f36132c8478747553eeaffdefcb86d5b3be69927a89e27e20b6c711d025b271
                                                  • Instruction Fuzzy Hash: 19F05E35804219EFCB41EFA8C9009EEBFF5EF09310B00C0A6E659D7261E6318B61EB91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917558875.00000000030C0000.00000040.00000040.sdmp, Offset: 030C0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8388fa57679453dc7b04d871bb3dcfd317d9f8cb342853e5fed44ee7779b5e3e
                                                  • Instruction ID: dcc94a91f21f7aa6c7c8c7ac7ced8ebccafd75c697a9fa833a886c5281732f41
                                                  • Opcode Fuzzy Hash: 8388fa57679453dc7b04d871bb3dcfd317d9f8cb342853e5fed44ee7779b5e3e
                                                  • Instruction Fuzzy Hash: ECF0FB35104684DFC606CB00D540B29FBA6EB89718F24C6ADE9890B762C337D813DA81
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 044122d9ac7a81f112277f6a61035f62dc21d3918298c3ee23c622e4db2554be
                                                  • Instruction ID: 7b3c3caaac0506ebc10bfe9fcc4ce8b06b764caf78efddd9b2ef8da334d843db
                                                  • Opcode Fuzzy Hash: 044122d9ac7a81f112277f6a61035f62dc21d3918298c3ee23c622e4db2554be
                                                  • Instruction Fuzzy Hash: AFF015317142098FCB649B38E88CA9C7BE6FB88315F20856AE546CB265DE759C098B51
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8151cf7ba240f190fe6cd5dae76fddb04da1ac781b68c66dbd93c1136d6fa1c3
                                                  • Instruction ID: 73581d93e62259ad09aa9759a15fdd1976c9f0dd967d7617634baa0850cca384
                                                  • Opcode Fuzzy Hash: 8151cf7ba240f190fe6cd5dae76fddb04da1ac781b68c66dbd93c1136d6fa1c3
                                                  • Instruction Fuzzy Hash: 5CF03032604309CBC718AA6DB45596E7BE7EBD5369328852DE10BCB340EE72DC078791
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d3f044e2074536478639f556f3c0df0fabc8d11c7a96e01491f9810f0b77b686
                                                  • Instruction ID: 4d2008f72394ba6846112f30c14902fc4e1869ebee6cfcb776977384bf489422
                                                  • Opcode Fuzzy Hash: d3f044e2074536478639f556f3c0df0fabc8d11c7a96e01491f9810f0b77b686
                                                  • Instruction Fuzzy Hash: F6F0E530F54305CFDB18A7B9E9112BD37729F84318F60817BD10AEB194EF245A018792
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 1186fa2a8ec32aa2596a78e4b1ee57f1371437b07534d5281e3950a300af84f9
                                                  • Instruction ID: b9e66362c04711988a9c9d11e82f13997d1b8e4d96581bb2d9b69fb131f5b9aa
                                                  • Opcode Fuzzy Hash: 1186fa2a8ec32aa2596a78e4b1ee57f1371437b07534d5281e3950a300af84f9
                                                  • Instruction Fuzzy Hash: ABE03030B012554BCB18B3BD981139E63975FC0714F400869C506CB6D5EE208E018793
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: c50868fe9f466df6ccb050003ac9374bdde7f7912431fe13029f12995f7fadc9
                                                  • Instruction ID: b16d735de43869eb04c79f6299487d691038b00d5719e6cac7a9d3968d850db5
                                                  • Opcode Fuzzy Hash: c50868fe9f466df6ccb050003ac9374bdde7f7912431fe13029f12995f7fadc9
                                                  • Instruction Fuzzy Hash: 38F0A73890828CAFCB01DFE4E89149DBFB4EF16305F2065E6D846D3342D6305B41CB52
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 802f3180214e474c1d9f69e3599b87fa814235c7d9d8b5e3a9015dff8de7825f
                                                  • Instruction ID: 782a662ff674c715ca5f086ccdce4f2124fbfad5cdee8932d79331a234286a5e
                                                  • Opcode Fuzzy Hash: 802f3180214e474c1d9f69e3599b87fa814235c7d9d8b5e3a9015dff8de7825f
                                                  • Instruction Fuzzy Hash: 98E0D82A3082D49FC75567BCA0214FD3B966EC52AA31941ABD146CB2D1DD158D07C353
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f928bc75289270d56c8c43c5645b8a37f0296e7ba462a5b235b7373a8dcc1bed
                                                  • Instruction ID: 7510744086dc2560491f66707dd181118c7f8afbe153728cbcea481531ecffc3
                                                  • Opcode Fuzzy Hash: f928bc75289270d56c8c43c5645b8a37f0296e7ba462a5b235b7373a8dcc1bed
                                                  • Instruction Fuzzy Hash: 74F0EC30B16726CFCB651BB8A9140583FB6F74975271500BAE942C3391CA344D00CB91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 0a0cff2347f28d5307b1ec5510a882e8e10525e066c6216782a8e9b24cfc236d
                                                  • Instruction ID: 1745b112d1bb92c5c88240791deeed34feae72c82376becf31e84eddd72b0bbc
                                                  • Opcode Fuzzy Hash: 0a0cff2347f28d5307b1ec5510a882e8e10525e066c6216782a8e9b24cfc236d
                                                  • Instruction Fuzzy Hash: A8F03436200B408FC321CF69E544813B7F6FF883207168A6EE49AC3A15C730F904CB65
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2ffc6331ae97eb8ef7ae950db216f2b6bcff923e1edb7c4d36f1b35b6b35dd19
                                                  • Instruction ID: 5c756eaef3904b971463fa885fcd123209e2f3d93fe767ba155b76e7b207c165
                                                  • Opcode Fuzzy Hash: 2ffc6331ae97eb8ef7ae950db216f2b6bcff923e1edb7c4d36f1b35b6b35dd19
                                                  • Instruction Fuzzy Hash: 7CE06170D0C34DCFD7205BAC60116A83FD99F41318B1840AFCD05C7192D6954D009B91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f97b8c8b8c37284ea9e15bf8ea351bda925b54261c53a89efb0d4896118a3f10
                                                  • Instruction ID: 1a47fdcf681b8453f8732870d8a9d347a10887fcb1a4066133cd786dfb53f2bf
                                                  • Opcode Fuzzy Hash: f97b8c8b8c37284ea9e15bf8ea351bda925b54261c53a89efb0d4896118a3f10
                                                  • Instruction Fuzzy Hash: 2DE022307093848FCB812FBC90291287FE2AF6B30232100EBD48AC7392DD318D018715
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917558875.00000000030C0000.00000040.00000040.sdmp, Offset: 030C0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 5db7182cb53ad297c7f323762d7f462351936d5bfed186d273625c8299379aaa
                                                  • Instruction ID: a34ed9e78383efca0744d8ecfe87fce23e1896e365a690d51d6ee6e897227167
                                                  • Opcode Fuzzy Hash: 5db7182cb53ad297c7f323762d7f462351936d5bfed186d273625c8299379aaa
                                                  • Instruction Fuzzy Hash: 3FE06D766446005BE650CF0AEC41452FBD8EB84630718C07FDC0D8B710E536B5088EA5
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 6a9af2dfdc0693e31a030cc95a28929742117a17b1e8bb0055eb70f7127a5f9d
                                                  • Instruction ID: b4b6395f584f3c80fbc71b577e37314987f443dc09c9d632518c2713abd957c1
                                                  • Opcode Fuzzy Hash: 6a9af2dfdc0693e31a030cc95a28929742117a17b1e8bb0055eb70f7127a5f9d
                                                  • Instruction Fuzzy Hash: 00E0DF322003158B8220A65DC52086E77BACBC1664384842EE40ACF340FE72DD0687D0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b0d3ea287cecc6992a782abbfa4290c61b91ccca083d0886f58269c7091eb8cc
                                                  • Instruction ID: 38afd9635410081fd2dd017c8e783649bb9fb46301dfb0e134f371d4ca951625
                                                  • Opcode Fuzzy Hash: b0d3ea287cecc6992a782abbfa4290c61b91ccca083d0886f58269c7091eb8cc
                                                  • Instruction Fuzzy Hash: 7CE0123011D7D8CFC7734B6474645B67FA49A4631571849ABD0C6CA552D5219906C3A2
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: cd86d2bc4bd80059fb7e90ceb5003b4745623f34a6cbd602fb789db4af2ed901
                                                  • Instruction ID: 138980ee6f04b64fdc741926d28b5e06c04458d149152d72f87a31571d1320df
                                                  • Opcode Fuzzy Hash: cd86d2bc4bd80059fb7e90ceb5003b4745623f34a6cbd602fb789db4af2ed901
                                                  • Instruction Fuzzy Hash: BAE0863130031AA7C624627EA41072FF3EF5BD9765F65443AD206C73C4DC629C0243E4
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b9cfe5761c7d416444b12e3bda8ae0f1362a2b2f3a3bb68882fb10ec9bd7e5fd
                                                  • Instruction ID: d510a2b84e60071dd741c1517537a829a30acd1ed020351c91a974e6f917bd04
                                                  • Opcode Fuzzy Hash: b9cfe5761c7d416444b12e3bda8ae0f1362a2b2f3a3bb68882fb10ec9bd7e5fd
                                                  • Instruction Fuzzy Hash: 0DE09B31F12325C7C77517BC941461977EBE78C7A23200179E906D3384CE708C0087D1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 6b3c2454bd6681a80f5c8a115a55559bbc3fb1d864040c38040d2641e12a91c2
                                                  • Instruction ID: f1a3289a250b40ae5def06d7a532baefcf36f287784942361736b2bf8de53838
                                                  • Opcode Fuzzy Hash: 6b3c2454bd6681a80f5c8a115a55559bbc3fb1d864040c38040d2641e12a91c2
                                                  • Instruction Fuzzy Hash: 7CE026357013951FCB255F7D981057E3BEABFC272070584AED402CE392DE288C069391
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f53600b4b7ff38d7e0e86b424e3770224b60a760e65fb6e632a84d9b59fc7d63
                                                  • Instruction ID: 9b5f20716aff78a477f92590df85f89b861c3c3229e17ab18dbd1048cee0c9c9
                                                  • Opcode Fuzzy Hash: f53600b4b7ff38d7e0e86b424e3770224b60a760e65fb6e632a84d9b59fc7d63
                                                  • Instruction Fuzzy Hash: 4CE0A571E0030A9FCF60EFB998496EEBFF8EB48354F100476D109E7240E2355A118BA0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 1b51684090ee0106ae164d7b346fa90307e46d7f515b6249da1cef73d66da92b
                                                  • Instruction ID: dd2056dcc900e1d6feabe20ec1bdb035db767a6e5e5349ad4275010b05cba8a8
                                                  • Opcode Fuzzy Hash: 1b51684090ee0106ae164d7b346fa90307e46d7f515b6249da1cef73d66da92b
                                                  • Instruction Fuzzy Hash: CAE08C31300229C7DB2136FDB4242AE37CAEF81398B1480A6F10BCBA55EE26CD0143C2
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a72577e0025f1a0bd56f5e753573f1a5a4b0fbdb8823ebcde96344fe30dd9eb4
                                                  • Instruction ID: cf5e18a591e839ead575d38de832ddba6c902edf6b4fa09718ed2e8e87381d84
                                                  • Opcode Fuzzy Hash: a72577e0025f1a0bd56f5e753573f1a5a4b0fbdb8823ebcde96344fe30dd9eb4
                                                  • Instruction Fuzzy Hash: 85E0DF323007154BC224EA9DC42592E7BAADBC2624380842EC40BEF340EE72ED0687A0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.923006563.0000000006B30000.00000040.00000001.sdmp, Offset: 06B30000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: c2914d5a0e93e12c4a128146de09202aad626fcb490be7f6d9962c4821f78093
                                                  • Instruction ID: 92dad08e419233c44149481613f3f791997e9971d5f50212e584963d22178caa
                                                  • Opcode Fuzzy Hash: c2914d5a0e93e12c4a128146de09202aad626fcb490be7f6d9962c4821f78093
                                                  • Instruction Fuzzy Hash: 0FF0A0B1B04264DFEB74A758F8087A877A5FF40718F0480D6D1469B0D0CBB45980CBA2
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: baaaabda22b6d64500c1bc8bd9abaa55b95158139fe440b4f6d0cde22d2f5460
                                                  • Instruction ID: c05714cfca6f3c876bf49cb79fd32f8bca38c18a3922af306fed009f1bc0e806
                                                  • Opcode Fuzzy Hash: baaaabda22b6d64500c1bc8bd9abaa55b95158139fe440b4f6d0cde22d2f5460
                                                  • Instruction Fuzzy Hash: 3EE0863020A71DCB43999525C51093673B9AE4230D340851FCB67CEF14C671FB43A792
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2ef4784afcd70a304ee822d6aafe29adf2831dc0737c8387f4fc254519b5d9cf
                                                  • Instruction ID: 455599ecc3276e92c69f11d4227a34dd10f8ed65e5b68904c5e21d684d727236
                                                  • Opcode Fuzzy Hash: 2ef4784afcd70a304ee822d6aafe29adf2831dc0737c8387f4fc254519b5d9cf
                                                  • Instruction Fuzzy Hash: 52E01221304218DB861466ADA01187E779EAAC56EA719916BA507C7290DD529D03C3A2
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 3e051d4ff0a8627db29d25173993d94b649a07476e84d51038fbfb470585f877
                                                  • Instruction ID: 2ebe137bf38089d0ae8d4b08e51928922c4c4ae6414ddf11c254e15b6bfd62d0
                                                  • Opcode Fuzzy Hash: 3e051d4ff0a8627db29d25173993d94b649a07476e84d51038fbfb470585f877
                                                  • Instruction Fuzzy Hash: ABE0E578D1820CEFDB04DFA9E085A9DBBB5FB49305F10E5A9D808A3340DB306A85DB42
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 6f0a999942bb4f733b983c517aa135db7ea96c3bdf9ea97bda0abe39d8ca6fd0
                                                  • Instruction ID: 42127e679c728391f22633f0abfdd946b9f9a1a1370f4c343bb49eacb012836f
                                                  • Opcode Fuzzy Hash: 6f0a999942bb4f733b983c517aa135db7ea96c3bdf9ea97bda0abe39d8ca6fd0
                                                  • Instruction Fuzzy Hash: 10E0753410830ECBD711EB5CE8889A93B65FB913587148A17E402CB12CDF74AE15CB97
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: cda32326f9ae8fc340a958c7551094024f14a7c54db7dde4b58676c4ba0d2cc2
                                                  • Instruction ID: d98dda6c90a044ee65a1554122ac524fc5a0d10eafae1d5271445e6efbe65829
                                                  • Opcode Fuzzy Hash: cda32326f9ae8fc340a958c7551094024f14a7c54db7dde4b58676c4ba0d2cc2
                                                  • Instruction Fuzzy Hash: FBE03230100B40CBD3618E19E384652B7E2FB45359BA2A87EE08BC7E24E775E9808B00
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a40d4972e29054f12a4cd38f748331c2ce6d899e53084e2a4deeeeab3d453513
                                                  • Instruction ID: f6720ff27af9f78bf89303bf6e39c11b7d57fb49dfbb89137ae19e4dedcbfc0e
                                                  • Opcode Fuzzy Hash: a40d4972e29054f12a4cd38f748331c2ce6d899e53084e2a4deeeeab3d453513
                                                  • Instruction Fuzzy Hash: 87E0C23131066587C62472BE102432E7ACB1BD9A54B5D40AFC1AAD7753DC628D2583E7
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 649bfb8b60e77e65402851a67d81add0845bb7d27a52df42da81dd85efb41160
                                                  • Instruction ID: 20ba1c435bd43bc5c4ac40a345d295f544a7523ada980b07a6538d8f5360872b
                                                  • Opcode Fuzzy Hash: 649bfb8b60e77e65402851a67d81add0845bb7d27a52df42da81dd85efb41160
                                                  • Instruction Fuzzy Hash: 4BE04F3000E3989FC3164B2054944B17F709A4270970589DFE0CB9F592C671AF15C760
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b51e0bbd5ebd0f8c8b364f3fab37e5b0ffc39bba62c0da6ddecd24d25f43e50c
                                                  • Instruction ID: ce5b23c59469938d4a350ff07f07ebf69904dbd3a21ee5574bc4a7cdb664e61d
                                                  • Opcode Fuzzy Hash: b51e0bbd5ebd0f8c8b364f3fab37e5b0ffc39bba62c0da6ddecd24d25f43e50c
                                                  • Instruction Fuzzy Hash: 8BD05E31A293564FCF9A66B818204BE2BF65A9272534585AFC406CB7A2DC584D018792
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 987802db7ee9d0572a95ec9b064e4459a711d947cc1e9d4144cdefdde9797216
                                                  • Instruction ID: 8b5eb97fe12cb3e6b37b4b6a127359cdf8b4e0119d2cd4f7982fd7ed915edb41
                                                  • Opcode Fuzzy Hash: 987802db7ee9d0572a95ec9b064e4459a711d947cc1e9d4144cdefdde9797216
                                                  • Instruction Fuzzy Hash: D3E08C70219340CFC766AB70951A05C3FB5BF4622470005BEC806CB7A1EA7A8841DB01
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 9f6a522e54b80a9b1ffcbd1e0604b222f650ce05843a9c5b022059694dee3629
                                                  • Instruction ID: 64ec3def064911ac4dcc5050b930bafae3033a5205d702bd6e5144e4c365dc16
                                                  • Opcode Fuzzy Hash: 9f6a522e54b80a9b1ffcbd1e0604b222f650ce05843a9c5b022059694dee3629
                                                  • Instruction Fuzzy Hash: 3CD05B71A0C35DC7EB2026DDA40566937CD9B40759F680065DE06C7281EAC54D4057D6
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 6bbafb69441442aeefe42008eedd1bfa2985f578447f9688a763b73d09975989
                                                  • Instruction ID: 8c0028f73846bf850e5782af52db98b668927377b9f6a935b9b14a0a7a1233b5
                                                  • Opcode Fuzzy Hash: 6bbafb69441442aeefe42008eedd1bfa2985f578447f9688a763b73d09975989
                                                  • Instruction Fuzzy Hash: 9FD0A7267013691BDA286B7F5814A3F338FABC0A54B14886CE506DE381ED15DC0503D9
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2a44133571ce9a87e4ea3cbe3b9567f8259663bd638c34e19de96791fbe4fd51
                                                  • Instruction ID: c13aed9df12239263ecf6ce9573b59f4a0cd58e52b74b87e18e7b5a822916b4b
                                                  • Opcode Fuzzy Hash: 2a44133571ce9a87e4ea3cbe3b9567f8259663bd638c34e19de96791fbe4fd51
                                                  • Instruction Fuzzy Hash: 8FD02B3300C358FBD3354638D404772BBD85B4571CF04065ED083CA910C6AAE289C392
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2a44133571ce9a87e4ea3cbe3b9567f8259663bd638c34e19de96791fbe4fd51
                                                  • Instruction ID: 676c50f03c549c4d5b4cbfeb917835b89df013292f0ca9277e43cca72735bbb1
                                                  • Opcode Fuzzy Hash: 2a44133571ce9a87e4ea3cbe3b9567f8259663bd638c34e19de96791fbe4fd51
                                                  • Instruction Fuzzy Hash: 1AD0C2318083588BD33D4635A806762BBE86B0532CF14046EC8438B9508A61E686C3D2
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 153a34c3dc347f7c7b2721697621c855ae08e16ecb3af4b747936588e9aa6e1f
                                                  • Instruction ID: 6839bd17a91815f05e32bb3231782d5fa05482df6006c43dbb50e1433660eefc
                                                  • Opcode Fuzzy Hash: 153a34c3dc347f7c7b2721697621c855ae08e16ecb3af4b747936588e9aa6e1f
                                                  • Instruction Fuzzy Hash: 52D01231F44208CBCB18A7F9A9165EDBBB59B84329B40547BC107EA544EF20454657D2
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 025383de9ed4a15866d3a40cbcc53d7a7fe1789a2f699dce473a038633a4dcd8
                                                  • Instruction ID: f252a27a75ba5a25463db6f8fb420b3263c2d6a2df721f1ef20173d88cf5350d
                                                  • Opcode Fuzzy Hash: 025383de9ed4a15866d3a40cbcc53d7a7fe1789a2f699dce473a038633a4dcd8
                                                  • Instruction Fuzzy Hash: 43E0C234509B48CFC3629B64D52A486BBF0FB81300B04884FD493CA998CB24AE00C701
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b534a6ab4e47680e48dab863f821f13023a2c014cea2633b6ca358c242b8bfca
                                                  • Instruction ID: 2000b6778823a10fa2ac52e7d01269709e897036c18c3b29d172138c878df17a
                                                  • Opcode Fuzzy Hash: b534a6ab4e47680e48dab863f821f13023a2c014cea2633b6ca358c242b8bfca
                                                  • Instruction Fuzzy Hash: 26D05E3111832CDBCB661EA4B410576B3D8A709719B00486AE44BCE140CA32AE01C3A1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.923006563.0000000006B30000.00000040.00000001.sdmp, Offset: 06B30000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 5e480f4f38d7b1d4aa75897fdd3c4906098d22703c8b8763141d53b15bcff23b
                                                  • Instruction ID: ca4952a19a95103bef5cca26625a2440b4191c39f18ca5de7a0d2618b411ebc1
                                                  • Opcode Fuzzy Hash: 5e480f4f38d7b1d4aa75897fdd3c4906098d22703c8b8763141d53b15bcff23b
                                                  • Instruction Fuzzy Hash: 37D0A7363002651BD608E6ADD85587E73DFDBC5524308886DE509CB341CC63DC0647D0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.923006563.0000000006B30000.00000040.00000001.sdmp, Offset: 06B30000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.923006563.0000000006B30000.00000040.00000001.sdmp, Offset: 06B30000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.923006563.0000000006B30000.00000040.00000001.sdmp, Offset: 06B30000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.923006563.0000000006B30000.00000040.00000001.sdmp, Offset: 06B30000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.917419025.00000000018D0000.00000040.00000001.sdmp, Offset: 018D0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.923006563.0000000006B30000.00000040.00000001.sdmp, Offset: 06B30000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.923006563.0000000006B30000.00000040.00000001.sdmp, Offset: 06B30000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Non-executed Functions

                                                  Executed Functions

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.705369032.0000000005590000.00000040.00000001.sdmp, Offset: 05590000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 2S/p
                                                  • API String ID: 0-1468348046
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.707596182.0000000008560000.00000040.00000001.sdmp, Offset: 08560000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID: :@fq$x{yE
                                                  • API String ID: 0-1723255314
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.705369032.0000000005590000.00000040.00000001.sdmp, Offset: 05590000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID: >_kq
                                                  • API String ID: 0-4149988037
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.705369032.0000000005590000.00000040.00000001.sdmp, Offset: 05590000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID: >_kq
                                                  • API String ID: 0-4149988037
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.707596182.0000000008560000.00000040.00000001.sdmp, Offset: 08560000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID: %
                                                  • API String ID: 0-155621495
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.707596182.0000000008560000.00000040.00000001.sdmp, Offset: 08560000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID: %
                                                  • API String ID: 0-155621495
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.705369032.0000000005590000.00000040.00000001.sdmp, Offset: 05590000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.705369032.0000000005590000.00000040.00000001.sdmp, Offset: 05590000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.707596182.0000000008560000.00000040.00000001.sdmp, Offset: 08560000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.707596182.0000000008560000.00000040.00000001.sdmp, Offset: 08560000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.707596182.0000000008560000.00000040.00000001.sdmp, Offset: 08560000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.707596182.0000000008560000.00000040.00000001.sdmp, Offset: 08560000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • VirtualProtect.KERNELBASE(?,?,?,?), ref: 07040ABD
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.706779715.0000000007040000.00000040.00000001.sdmp, Offset: 07040000, based on PE: false
                                                  Similarity
                                                  • API ID: ProtectVirtual
                                                  • String ID: 8< r
                                                  • API String ID: 544645111-304424724
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • VirtualProtect.KERNELBASE(?,?,?,?), ref: 07040ABD
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.706779715.0000000007040000.00000040.00000001.sdmp, Offset: 07040000, based on PE: false
                                                  Similarity
                                                  • API ID: ProtectVirtual
                                                  • String ID: 8< r
                                                  • API String ID: 544645111-304424724
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0704121D
                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.706779715.0000000007040000.00000040.00000001.sdmp, Offset: 07040000, based on PE: false
                                                  Similarity
                                                  • API ID: CreateFile
                                                  • String ID:
                                                  • API String ID: 823142352-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • DuplicateHandle.KERNELBASE(?,00000E2C), ref: 07041633
                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.706779715.0000000007040000.00000040.00000001.sdmp, Offset: 07040000, based on PE: false
                                                  Similarity
                                                  • API ID: DuplicateHandle
                                                  • String ID:
                                                  • API String ID: 3793708945-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 015BABD5
                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.703373902.00000000015BA000.00000040.00000001.sdmp, Offset: 015BA000, based on PE: false
                                                  Similarity
                                                  • API ID: Open
                                                  • String ID:
                                                  • API String ID: 71445658-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • RegQueryValueExW.KERNELBASE(?,00000E2C,D2985133,00000000,00000000,00000000,00000000), ref: 015BACD8
                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.703373902.00000000015BA000.00000040.00000001.sdmp, Offset: 015BA000, based on PE: false
                                                  Similarity
                                                  • API ID: QueryValue
                                                  • String ID:
                                                  • API String ID: 3660427363-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • SetConsoleCtrlHandler.KERNELBASE(?,00000E2C,?,?), ref: 015BB10E
                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.703373902.00000000015BA000.00000040.00000001.sdmp, Offset: 015BA000, based on PE: false
                                                  Similarity
                                                  • API ID: ConsoleCtrlHandler
                                                  • String ID:
                                                  • API String ID: 1513847179-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • LsaOpenPolicy.ADVAPI32(?,00000E2C), ref: 07040F83
                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.706779715.0000000007040000.00000040.00000001.sdmp, Offset: 07040000, based on PE: false
                                                  Similarity
                                                  • API ID: OpenPolicy
                                                  • String ID:
                                                  • API String ID: 2030686058-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • DuplicateHandle.KERNELBASE(?,00000E2C), ref: 07041633
                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.706779715.0000000007040000.00000040.00000001.sdmp, Offset: 07040000, based on PE: false
                                                  Similarity
                                                  • API ID: DuplicateHandle
                                                  • String ID:
                                                  • API String ID: 3793708945-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • GetTokenInformation.KERNELBASE(?,00000E2C,D2985133,00000000,00000000,00000000,00000000), ref: 07040C60
                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.706779715.0000000007040000.00000040.00000001.sdmp, Offset: 07040000, based on PE: false
                                                  Similarity
                                                  • API ID: InformationToken
                                                  • String ID:
                                                  • API String ID: 4114910276-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • DeleteFileW.KERNELBASE(?), ref: 07041718
                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.706779715.0000000007040000.00000040.00000001.sdmp, Offset: 07040000, based on PE: false
                                                  Similarity
                                                  • API ID: DeleteFile
                                                  • String ID:
                                                  • API String ID: 4033686569-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • GetFileType.KERNELBASE(?,00000E2C,D2985133,00000000,00000000,00000000,00000000), ref: 07041309
                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.706779715.0000000007040000.00000040.00000001.sdmp, Offset: 07040000, based on PE: false
                                                  Similarity
                                                  • API ID: FileType
                                                  • String ID:
                                                  • API String ID: 3081899298-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0704121D
                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.706779715.0000000007040000.00000040.00000001.sdmp, Offset: 07040000, based on PE: false
                                                  Similarity
                                                  • API ID: CreateFile
                                                  • String ID:
                                                  • API String ID: 823142352-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • WriteFile.KERNELBASE(?,00000E2C,D2985133,00000000,00000000,00000000,00000000), ref: 070413D5
                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.706779715.0000000007040000.00000040.00000001.sdmp, Offset: 07040000, based on PE: false
                                                  Similarity
                                                  • API ID: FileWrite
                                                  • String ID:
                                                  • API String ID: 3934441357-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 015BABD5
                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.703373902.00000000015BA000.00000040.00000001.sdmp, Offset: 015BA000, based on PE: false
                                                  Similarity
                                                  • API ID: Open
                                                  • String ID:
                                                  • API String ID: 71445658-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • DrawTextExW.USER32(?,?,?,?,?), ref: 0704019F
                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.706779715.0000000007040000.00000040.00000001.sdmp, Offset: 07040000, based on PE: false
                                                  Similarity
                                                  • API ID: DrawText
                                                  • String ID:
                                                  • API String ID: 2175133113-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • LsaOpenPolicy.ADVAPI32(?,00000E2C), ref: 07040F83
                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.706779715.0000000007040000.00000040.00000001.sdmp, Offset: 07040000, based on PE: false
                                                  Similarity
                                                  • API ID: OpenPolicy
                                                  • String ID:
                                                  • API String ID: 2030686058-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • GetTempFileNameW.KERNELBASE(?,00000E2C,?,?), ref: 015BB902
                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.703373902.00000000015BA000.00000040.00000001.sdmp, Offset: 015BA000, based on PE: false
                                                  Similarity
                                                  • API ID: FileNameTemp
                                                  • String ID:
                                                  • API String ID: 745986568-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • GetTokenInformation.KERNELBASE(?,00000E2C,D2985133,00000000,00000000,00000000,00000000), ref: 07040C60
                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.706779715.0000000007040000.00000040.00000001.sdmp, Offset: 07040000, based on PE: false
                                                  Similarity
                                                  • API ID: InformationToken
                                                  • String ID:
                                                  • API String ID: 4114910276-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • RegQueryValueExW.KERNELBASE(?,00000E2C,D2985133,00000000,00000000,00000000,00000000), ref: 015BACD8
                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.703373902.00000000015BA000.00000040.00000001.sdmp, Offset: 015BA000, based on PE: false
                                                  Similarity
                                                  • API ID: QueryValue
                                                  • String ID:
                                                  • API String ID: 3660427363-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 070419D4
                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.706779715.0000000007040000.00000040.00000001.sdmp, Offset: 07040000, based on PE: false
                                                  Similarity
                                                  • API ID: MemoryProcessWrite
                                                  • String ID:
                                                  • API String ID: 3559483778-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • LoadLibraryShim.MSCOREE(?,?,?,?), ref: 015BB375
                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.703373902.00000000015BA000.00000040.00000001.sdmp, Offset: 015BA000, based on PE: false
                                                  Similarity
                                                  • API ID: LibraryLoadShim
                                                  • String ID:
                                                  • API String ID: 1475914169-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • PostMessageW.USER32(?,?,?,?), ref: 07041B29
                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.706779715.0000000007040000.00000040.00000001.sdmp, Offset: 07040000, based on PE: false
                                                  Similarity
                                                  • API ID: MessagePost
                                                  • String ID:
                                                  • API String ID: 410705778-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 015BA61A
                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.703373902.00000000015BA000.00000040.00000001.sdmp, Offset: 015BA000, based on PE: false
                                                  Similarity
                                                  • API ID: DuplicateHandle
                                                  • String ID:
                                                  • API String ID: 3793708945-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • FindCloseChangeNotification.KERNELBASE(?), ref: 070403DC
                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.706779715.0000000007040000.00000040.00000001.sdmp, Offset: 07040000, based on PE: false
                                                  Similarity
                                                  • API ID: ChangeCloseFindNotification
                                                  • String ID:
                                                  • API String ID: 2591292051-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • WriteFile.KERNELBASE(?,00000E2C,D2985133,00000000,00000000,00000000,00000000), ref: 070413D5
                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.706779715.0000000007040000.00000040.00000001.sdmp, Offset: 07040000, based on PE: false
                                                  Similarity
                                                  • API ID: FileWrite
                                                  • String ID:
                                                  • API String ID: 3934441357-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • ResumeThread.KERNELBASE(?), ref: 015BA6CC
                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.703373902.00000000015BA000.00000040.00000001.sdmp, Offset: 015BA000, based on PE: false
                                                  Similarity
                                                  • API ID: ResumeThread
                                                  • String ID:
                                                  • API String ID: 947044025-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07041918
                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.706779715.0000000007040000.00000040.00000001.sdmp, Offset: 07040000, based on PE: false
                                                  Similarity
                                                  • API ID: MemoryProcessRead
                                                  • String ID:
                                                  • API String ID: 1726664587-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • FindCloseChangeNotification.KERNELBASE(?), ref: 015BA32C
                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.703373902.00000000015BA000.00000040.00000001.sdmp, Offset: 015BA000, based on PE: false
                                                  Similarity
                                                  • API ID: ChangeCloseFindNotification
                                                  • String ID:
                                                  • API String ID: 2591292051-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • PostMessageW.USER32(?,?,?,?), ref: 07041EB1
                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.706779715.0000000007040000.00000040.00000001.sdmp, Offset: 07040000, based on PE: false
                                                  Similarity
                                                  • API ID: MessagePost
                                                  • String ID:
                                                  • API String ID: 410705778-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • SetThreadContext.KERNELBASE(?,?), ref: 0704186B
                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.706779715.0000000007040000.00000040.00000001.sdmp, Offset: 07040000, based on PE: false
                                                  Similarity
                                                  • API ID: ContextThread
                                                  • String ID:
                                                  • API String ID: 1591575202-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • GetFileType.KERNELBASE(?,00000E2C,D2985133,00000000,00000000,00000000,00000000), ref: 07041309
                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.706779715.0000000007040000.00000040.00000001.sdmp, Offset: 07040000, based on PE: false
                                                  Similarity
                                                  • API ID: FileType
                                                  • String ID:
                                                  • API String ID: 3081899298-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • DrawTextExW.USER32(?,?,?,?,?), ref: 0704019F
                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.706779715.0000000007040000.00000040.00000001.sdmp, Offset: 07040000, based on PE: false
                                                  Similarity
                                                  • API ID: DrawText
                                                  • String ID:
                                                  • API String ID: 2175133113-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 015BAE54
                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.703373902.00000000015BA000.00000040.00000001.sdmp, Offset: 015BA000, based on PE: false
                                                  Similarity
                                                  • API ID: AllocVirtual
                                                  • String ID:
                                                  • API String ID: 4275171209-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.703373902.00000000015BA000.00000040.00000001.sdmp, Offset: 015BA000, based on PE: false
                                                  Similarity
                                                  • API ID: LongWindow
                                                  • String ID:
                                                  • API String ID: 1378638983-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 070419D4
                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.706779715.0000000007040000.00000040.00000001.sdmp, Offset: 07040000, based on PE: false
                                                  Similarity
                                                  • API ID: MemoryProcessWrite
                                                  • String ID:
                                                  • API String ID: 3559483778-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • DeleteFileW.KERNELBASE(?), ref: 07041718
                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.706779715.0000000007040000.00000040.00000001.sdmp, Offset: 07040000, based on PE: false
                                                  Similarity
                                                  • API ID: DeleteFile
                                                  • String ID:
                                                  • API String ID: 4033686569-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • GetTempFileNameW.KERNELBASE(?,00000E2C,?,?), ref: 015BB902
                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.703373902.00000000015BA000.00000040.00000001.sdmp, Offset: 015BA000, based on PE: false
                                                  Similarity
                                                  • API ID: FileNameTemp
                                                  • String ID:
                                                  • API String ID: 745986568-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • LoadLibraryShim.MSCOREE(?,?,?,?), ref: 015BB375
                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.703373902.00000000015BA000.00000040.00000001.sdmp, Offset: 015BA000, based on PE: false
                                                  Similarity
                                                  • API ID: LibraryLoadShim
                                                  • String ID:
                                                  • API String ID: 1475914169-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 015BA61A
                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.703373902.00000000015BA000.00000040.00000001.sdmp, Offset: 015BA000, based on PE: false
                                                  Similarity
                                                  • API ID: DuplicateHandle
                                                  • String ID:
                                                  • API String ID: 3793708945-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • SetThreadContext.KERNELBASE(?,?), ref: 0704186B
                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.706779715.0000000007040000.00000040.00000001.sdmp, Offset: 07040000, based on PE: false
                                                  Similarity
                                                  • API ID: ContextThread
                                                  • String ID:
                                                  • API String ID: 1591575202-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • FindCloseChangeNotification.KERNELBASE(?), ref: 070403DC
                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.706779715.0000000007040000.00000040.00000001.sdmp, Offset: 07040000, based on PE: false
                                                  Similarity
                                                  • API ID: ChangeCloseFindNotification
                                                  • String ID:
                                                  • API String ID: 2591292051-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07041918
                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.706779715.0000000007040000.00000040.00000001.sdmp, Offset: 07040000, based on PE: false
                                                  Similarity
                                                  • API ID: MemoryProcessRead
                                                  • String ID:
                                                  • API String ID: 1726664587-0

                                                  APIs
                                                  • FindCloseChangeNotification.KERNELBASE(?), ref: 015BA32C
                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.703373902.00000000015BA000.00000040.00000001.sdmp, Offset: 015BA000, based on PE: false
                                                  Similarity
                                                  • API ID: ChangeCloseFindNotification
                                                  • String ID:
                                                  • API String ID: 2591292051-0

                                                  APIs
                                                  • SetConsoleCtrlHandler.KERNELBASE(?,00000E2C,?,?), ref: 015BB10E
                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.703373902.00000000015BA000.00000040.00000001.sdmp, Offset: 015BA000, based on PE: false
                                                  Similarity
                                                  • API ID: ConsoleCtrlHandler
                                                  • String ID:
                                                  • API String ID: 1513847179-0

                                                  APIs
                                                  • PostMessageW.USER32(?,?,?,?), ref: 07041EB1
                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.706779715.0000000007040000.00000040.00000001.sdmp, Offset: 07040000, based on PE: false
                                                  Similarity
                                                  • API ID: MessagePost
                                                  • String ID:
                                                  • API String ID: 410705778-0

                                                  APIs
                                                  • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 015BAE54
                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.703373902.00000000015BA000.00000040.00000001.sdmp, Offset: 015BA000, based on PE: false
                                                  Similarity
                                                  • API ID: AllocVirtual
                                                  • String ID:
                                                  • API String ID: 4275171209-0

                                                  APIs
                                                  • PostMessageW.USER32(?,?,?,?), ref: 07041B29
                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.706779715.0000000007040000.00000040.00000001.sdmp, Offset: 07040000, based on PE: false
                                                  Similarity
                                                  • API ID: MessagePost
                                                  • String ID:
                                                  • API String ID: 410705778-0

                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.703373902.00000000015BA000.00000040.00000001.sdmp, Offset: 015BA000, based on PE: false
                                                  Similarity
                                                  • API ID: LongWindow
                                                  • String ID:
                                                  • API String ID: 1378638983-0

                                                  APIs
                                                  • ResumeThread.KERNELBASE(?), ref: 015BA6CC
                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.703373902.00000000015BA000.00000040.00000001.sdmp, Offset: 015BA000, based on PE: false
                                                  Similarity
                                                  • API ID: ResumeThread
                                                  • String ID:
                                                  • API String ID: 947044025-0

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.705369032.0000000005590000.00000040.00000001.sdmp, Offset: 05590000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID: >_kq
                                                  • API String ID: 0-4149988037
                                                  • Opcode ID: 95de8b3d1457485fe7a1ce335fbc64c4f9cb907c8e0f6867cb3b67a609f43b1c
                                                  • Instruction ID: b7c8716890660b72a715e84e4be3ac3dca6f49f1a5ef1b41721c4c09139453b7
                                                  • Opcode Fuzzy Hash: 95de8b3d1457485fe7a1ce335fbc64c4f9cb907c8e0f6867cb3b67a609f43b1c
                                                  • Instruction Fuzzy Hash: D4C1497492520ACFEF18CF58C188AACBBB6FF09358F159199C0156B252C7B9ED85CF90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.705369032.0000000005590000.00000040.00000001.sdmp, Offset: 05590000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID: >_kq
                                                  • API String ID: 0-4149988037
                                                  • Opcode ID: 758e9e50d46a3818e829a4ce17fbf83b94f496f29d06e7408982628272608591
                                                  • Instruction ID: c8b1fa5ad3245382f8d9805bed3fe4dc5da1ab01dc1ce87592e42b9ece9baa0a
                                                  • Opcode Fuzzy Hash: 758e9e50d46a3818e829a4ce17fbf83b94f496f29d06e7408982628272608591
                                                  • Instruction Fuzzy Hash: 46C15B7492520ACFEF18CF58C188AECBBB6FF0A354F159196C0156B252C7B9D885CF90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.705369032.0000000005590000.00000040.00000001.sdmp, Offset: 05590000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID: :@fq
                                                  • API String ID: 0-3673016210
                                                  • Opcode ID: f06f5ed9be1f8346037f16f7527010db0867e592ebf14240097f9432928d3603
                                                  • Instruction ID: 2ef75daa345a9f020799f9d5b6d834184aa86425a3e7c3463909adede27eb81a
                                                  • Opcode Fuzzy Hash: f06f5ed9be1f8346037f16f7527010db0867e592ebf14240097f9432928d3603
                                                  • Instruction Fuzzy Hash: A181E574E05219CFDB28CFA9C498BADBBF2BF48314F104569D409AB3A0DB349985CF51
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.705369032.0000000005590000.00000040.00000001.sdmp, Offset: 05590000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID: :@fq
                                                  • API String ID: 0-3673016210
                                                  • Opcode ID: e663931887895d54b74b03c54f284ca1c8e4c674ad376aed9a6b1a71a9f7754e
                                                  • Instruction ID: 5c3ea8bd4e5c6205998c29f2bd720cf0f0bc466a5c0bc806bf2db7d7f78c4e37
                                                  • Opcode Fuzzy Hash: e663931887895d54b74b03c54f284ca1c8e4c674ad376aed9a6b1a71a9f7754e
                                                  • Instruction Fuzzy Hash: BB51D674D01219CFDB68CFA8C894BACBBB2BF49314F105999D419AB3A0DB349985CF51
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.705369032.0000000005590000.00000040.00000001.sdmp, Offset: 05590000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID: `-Qp
                                                  • API String ID: 0-3646087301
                                                  • Opcode ID: b58dbe66cceaddfaef9c3f8b072f731473a4e404e2e23a67129634f2b735c97d
                                                  • Instruction ID: 2fe95049e6d25d6ce78a5013045ff2a9601ff06bfa4f8d56659e0eddaf1bed47
                                                  • Opcode Fuzzy Hash: b58dbe66cceaddfaef9c3f8b072f731473a4e404e2e23a67129634f2b735c97d
                                                  • Instruction Fuzzy Hash: A2F0A430A196548FCB29DB64CC146EB7FB6AF87301F0505ED90855B292DA751C45CF42
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.705369032.0000000005590000.00000040.00000001.sdmp, Offset: 05590000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID: `-Qp
                                                  • API String ID: 0-3646087301
                                                  • Opcode ID: 2e13881fe477106cae743df8d7bb0cef839f6670ed959f1429845a634af16ac7
                                                  • Instruction ID: 5b84953184abd1f8e6b162ac94a346c3c80ec186b4001936283145e60339b025
                                                  • Opcode Fuzzy Hash: 2e13881fe477106cae743df8d7bb0cef839f6670ed959f1429845a634af16ac7
                                                  • Instruction Fuzzy Hash: 36F0B430A116248FCB28DB24CC047AB7BB6BF86302F0005AC80496B391DB755D44CF82
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.707596182.0000000008560000.00000040.00000001.sdmp, Offset: 08560000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID: <
                                                  • API String ID: 0-4251816714
                                                  • Opcode ID: 23d62575f90904c7d9a5f608cc66ca2d83c7de3476c243133c6be4736c953164
                                                  • Instruction ID: bfd6a4c1f82b65bc2fe7ab127dc6686e7de547be663984a44e98277c3834a769
                                                  • Opcode Fuzzy Hash: 23d62575f90904c7d9a5f608cc66ca2d83c7de3476c243133c6be4736c953164
                                                  • Instruction Fuzzy Hash: 8AF06C70916329DBDB64CF25C8986DABBB1FB49312F1198E9D00A67264CB315B80CF11
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.707596182.0000000008560000.00000040.00000001.sdmp, Offset: 08560000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID: ntin
                                                  • API String ID: 0-3077571345
                                                  • Opcode ID: cec5625b48fef4da928e6a157eae47d1688bbeefe90529225a5d5ac957599867
                                                  • Instruction ID: f2a5d2f2502ec367959cd18c4586a50f564373f7a0b6a7d524cbf2a7544a666c
                                                  • Opcode Fuzzy Hash: cec5625b48fef4da928e6a157eae47d1688bbeefe90529225a5d5ac957599867
                                                  • Instruction Fuzzy Hash: 51F0AE74904269CFCF20CFA8C981B9EBBF0BF59300F119099D009AB724D734A940CF21
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.705369032.0000000005590000.00000040.00000001.sdmp, Offset: 05590000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 3a7044bd27b97bd6c222655c4e0ed9b283a655e5e2644b33441aa2ede402272d
                                                  • Instruction ID: 366db532f895f7556a93350612490b57e1eca2580260a4cfcc107ebf322545e6
                                                  • Opcode Fuzzy Hash: 3a7044bd27b97bd6c222655c4e0ed9b283a655e5e2644b33441aa2ede402272d
                                                  • Instruction Fuzzy Hash: A6F1AE74905228CFDB69CF64C888BECBBB2BF89301F1080E9D509AB251DB745E99CF41
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.705369032.0000000005590000.00000040.00000001.sdmp, Offset: 05590000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 0fc540d6bd842fc1797677cf74f4328fa9826c626efab3e44347f8d287dcf3c8
                                                  • Instruction ID: ba88b73d553d665a220d8ac313e1d20f67e65518a5c3072f6aca2518ef5568fe
                                                  • Opcode Fuzzy Hash: 0fc540d6bd842fc1797677cf74f4328fa9826c626efab3e44347f8d287dcf3c8
                                                  • Instruction Fuzzy Hash: 8CD1CD30A04214CBDF18CBA8C8467BDB7BAFF49304F14856AE51A9B3D5DB38D945CB92
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.705369032.0000000005590000.00000040.00000001.sdmp, Offset: 05590000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 0833fcb7ac44abfbce0a3f6bfd990d0df68c8255dddecec67f706d7991dff510
                                                  • Instruction ID: fc7577dbccd78817467bb1be29746a3276d14f7659cef86b416f67eeaca2d4cf
                                                  • Opcode Fuzzy Hash: 0833fcb7ac44abfbce0a3f6bfd990d0df68c8255dddecec67f706d7991dff510
                                                  • Instruction Fuzzy Hash: 8E81133190521ACFCF15DFE4D8489EDBBB2FF8A300F14492AD505BB1A4DB75690ACB91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.705369032.0000000005590000.00000040.00000001.sdmp, Offset: 05590000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 1aee44f00257574a94156a0bbec05d3cad4cfa017223261cdfaee4b18912097b
                                                  • Instruction ID: 743d01ce68ca49042bd9d270f3679ad2de72868d3d89326b67304c8bc38aa34f
                                                  • Opcode Fuzzy Hash: 1aee44f00257574a94156a0bbec05d3cad4cfa017223261cdfaee4b18912097b
                                                  • Instruction Fuzzy Hash: 0391C274D05609CFCF18CFA9C484AEEBBF6BF4A300F24952AD419AB245D738A945CB90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.705369032.0000000005590000.00000040.00000001.sdmp, Offset: 05590000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: fc1ff3e1eed4eb110411276b72aad3c0764b4f3df400254b28108e258361546f
                                                  • Instruction ID: e9e9cd6fc9053612a9b38ed887cbf9c904c8d90f79dfd06f3576d8e3ce451c24
                                                  • Opcode Fuzzy Hash: fc1ff3e1eed4eb110411276b72aad3c0764b4f3df400254b28108e258361546f
                                                  • Instruction Fuzzy Hash: 2D91C474D09609CFCF14CFA9C484AEEBBF6BF4A300F24952AD419AB245D738A945CF90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.705369032.0000000005590000.00000040.00000001.sdmp, Offset: 05590000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 55e0a2ba2abdf9ac84165a59695f646ad450bca5fc9f58deef3faf38dc4a17ac
                                                  • Instruction ID: 1035c898801371f11c5d0fe634e2abcfc67bcbede9e08deb8a35eba692c95160
                                                  • Opcode Fuzzy Hash: 55e0a2ba2abdf9ac84165a59695f646ad450bca5fc9f58deef3faf38dc4a17ac
                                                  • Instruction Fuzzy Hash: EA91AF74901218CFDB29CF64C888BEDBBB2BF49304F1080E9D549AB261DB759E99CF40
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.705369032.0000000005590000.00000040.00000001.sdmp, Offset: 05590000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 41297f33de60c1b9b652dd6288fc9c70504ad5b5f2536ef2b36e50b5c0a490d6
                                                  • Instruction ID: 143969defd392f0f97a232fa1808cff202351554d58e4a3ef249af49784bd160
                                                  • Opcode Fuzzy Hash: 41297f33de60c1b9b652dd6288fc9c70504ad5b5f2536ef2b36e50b5c0a490d6
                                                  • Instruction Fuzzy Hash: 8681AF74901218CFDB69CF65C888BEDBBB2BF49305F1080E9D509AB261DB359E99DF40
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.705369032.0000000005590000.00000040.00000001.sdmp, Offset: 05590000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 80534bd01f3a4357e2d41d3b01fae84888898cbd11f995c044e50c12cfff0c21
                                                  • Instruction ID: 9c45b5db16f575005c4034098a732fbc2ffa244b4e3a6b1c61ad05d301e24654
                                                  • Opcode Fuzzy Hash: 80534bd01f3a4357e2d41d3b01fae84888898cbd11f995c044e50c12cfff0c21
                                                  • Instruction Fuzzy Hash: F3819F74901218CFDB29CF65C888BEDBBB2BF49305F1080E9D509AB261DB759E99DF40
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.705369032.0000000005590000.00000040.00000001.sdmp, Offset: 05590000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 45010ded3d8de1d6c9788ce7647795bca76b3020acffe764d05ebe6e2d32a0eb
                                                  • Instruction ID: ea8422b50c257fbb640b37d703aa388a8b0e9130b10acbb50a89926b6e5bcafe
                                                  • Opcode Fuzzy Hash: 45010ded3d8de1d6c9788ce7647795bca76b3020acffe764d05ebe6e2d32a0eb
                                                  • Instruction Fuzzy Hash: 1781AE74901218CFDF29CF64C888BE9BBB2BF49305F1080E9D549AB261DB359E99DF40
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.705369032.0000000005590000.00000040.00000001.sdmp, Offset: 05590000, based on PE: false
                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.707596182.0000000008560000.00000040.00000001.sdmp, Offset: 08560000, based on PE: false
                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.705369032.0000000005590000.00000040.00000001.sdmp, Offset: 05590000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 3ff3cafc4b784fe4733283dad2270ffe8fd1c1ca14c6b76ed0f419cb8da98b3d
                                                  • Instruction ID: 083734d9450fc3115299b7a3cb194d880cd7fd17cc9637b208a858b10dded6df
                                                  • Opcode Fuzzy Hash: 3ff3cafc4b784fe4733283dad2270ffe8fd1c1ca14c6b76ed0f419cb8da98b3d
                                                  • Instruction Fuzzy Hash: A8218C31A15104CFDB05CF28D849BBABBBAFF45304F0985A7E825DB291D77A9D04CB91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.705369032.0000000005590000.00000040.00000001.sdmp, Offset: 05590000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 3a32fe90396de7fbbc56d1b7ad98469e09da62f962ea6c7470a507ef382ca8f6
                                                  • Instruction ID: 8dba091b0b8459105be4ecab2b4d59e4ce2c301bc1734b9fc573b3ed042cef16
                                                  • Opcode Fuzzy Hash: 3a32fe90396de7fbbc56d1b7ad98469e09da62f962ea6c7470a507ef382ca8f6
                                                  • Instruction Fuzzy Hash: D921E4B16182A58BCB19CB7CCC546BABBB5FB06304F054967E456DF292C268EC448792
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.707596182.0000000008560000.00000040.00000001.sdmp, Offset: 08560000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 4ab78d2443bfd5067f9ea691a13c603358bcb451ce141e5247b47ec33eec3b11
                                                  • Instruction ID: 41d7e74f42070edaebb6496290a9add5206d2f35f361cf808a169cfa50ac3a4b
                                                  • Opcode Fuzzy Hash: 4ab78d2443bfd5067f9ea691a13c603358bcb451ce141e5247b47ec33eec3b11
                                                  • Instruction Fuzzy Hash: 24215570E0925ADFCB44CFA9C5809AEFFB1FF89215F10C8AAC415AB211D7308A64DF51
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.707596182.0000000008560000.00000040.00000001.sdmp, Offset: 08560000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2252d17581c4bd5b41f502907815ee994acec31e99d30bd3c9d9732d9512d22e
                                                  • Instruction ID: 0dcddfd75263b08b7ce3267020583a02f4ed0b8a162d96afb9334e4b3585bf5e
                                                  • Opcode Fuzzy Hash: 2252d17581c4bd5b41f502907815ee994acec31e99d30bd3c9d9732d9512d22e
                                                  • Instruction Fuzzy Hash: CF213870E0461ADFCB04CFA9C5819AEFFF2FF89310F15899AC414AB221D7309A11CB50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.705369032.0000000005590000.00000040.00000001.sdmp, Offset: 05590000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 086857c4cdec7647085a48534c313dcf8754c35e4273de6950d4343bca086938
                                                  • Instruction ID: 2ec2aa2391bb461dae289542e7cf531558fba612154c30516cd8c00e58493790
                                                  • Opcode Fuzzy Hash: 086857c4cdec7647085a48534c313dcf8754c35e4273de6950d4343bca086938
                                                  • Instruction Fuzzy Hash: 9121FC70905149DFCB09DBA9C554AEDBBB2FF89204F1489A9D4056B365DB306F05DB80
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.705369032.0000000005590000.00000040.00000001.sdmp, Offset: 05590000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 4a2a47f53b45ac1476d32ca977373fcf1da029b3f129873f710ea96875d8381e
                                                  • Instruction ID: bec22c935f556c65b57f1aac5278de089832a2b289d8da75eb49f747a556e395
                                                  • Opcode Fuzzy Hash: 4a2a47f53b45ac1476d32ca977373fcf1da029b3f129873f710ea96875d8381e
                                                  • Instruction Fuzzy Hash: D01102329102098BCF18DF94DD862DCFBB1FB48214B68468ED8159B345EF3CDA45CB80
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.705369032.0000000005590000.00000040.00000001.sdmp, Offset: 05590000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a4098a271a0573f87092e7eb3eb38389156c18afbdd85987bd7a1e16be54b87d
                                                  • Instruction ID: 21e5c8a8c213d2aa7db03a582ca8c19b9c236236f7d6c03ff0ccdd6ac6368bc2
                                                  • Opcode Fuzzy Hash: a4098a271a0573f87092e7eb3eb38389156c18afbdd85987bd7a1e16be54b87d
                                                  • Instruction Fuzzy Hash: 62215E74D0524ADFCB14DFA8C4849EDBFB2FF4A310F104699D8546B395CB30AA49CB91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.705369032.0000000005590000.00000040.00000001.sdmp, Offset: 05590000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e9b5567cdff975f2e25ccff49a2a601274743697c3ed685815813f8560339953
                                                  • Instruction ID: fa5fa7e1a503de3612da0f6a1f9d9264b7b4787f28478d76ce9d88e9e9375f7f
                                                  • Opcode Fuzzy Hash: e9b5567cdff975f2e25ccff49a2a601274743697c3ed685815813f8560339953
                                                  • Instruction Fuzzy Hash: 11110D70D05109DFCB08DBA9C544AEEB7B6FF89304F5089A994096B365DB306F00DB90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.705369032.0000000005590000.00000040.00000001.sdmp, Offset: 05590000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2b7ba9068d4a75c843203ccd52d790ce2ca4a75cfb4985dbe588e99f9e683f54
                                                  • Instruction ID: 115050534fd284489ee2d17dd5c9410ec8b1b957e83c4be94b5c81d1001c1221
                                                  • Opcode Fuzzy Hash: 2b7ba9068d4a75c843203ccd52d790ce2ca4a75cfb4985dbe588e99f9e683f54
                                                  • Instruction Fuzzy Hash: 4C119131A15000CFCB05CF28D849BB9B3EAFF04305F4984A6E526DB2A1D77ADC14D741
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.705369032.0000000005590000.00000040.00000001.sdmp, Offset: 05590000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: aaa79d6262c730eb4aa4573f389074b953c3c37c671360f9a90b11eef4ba611e
                                                  • Instruction ID: bee162803b5ba6a3fa6ec910e40649062992f5b05742333d646db4868d4248f9
                                                  • Opcode Fuzzy Hash: aaa79d6262c730eb4aa4573f389074b953c3c37c671360f9a90b11eef4ba611e
                                                  • Instruction Fuzzy Hash: B211BF70D1124ADFCF28DFA8D44869DBBB1FF4A300F2486AAC8155B305DB359A05CB81
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.705369032.0000000005590000.00000040.00000001.sdmp, Offset: 05590000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 7d6d61eeaef8784144d03c9c2c072b2678f6190d3da6728b7d60c3e70a398dd6
                                                  • Instruction ID: fadc5b1a6a12ad7e2a6e3a15ca041c186449b00a15b56b8a57f96569e7b5ebe5
                                                  • Opcode Fuzzy Hash: 7d6d61eeaef8784144d03c9c2c072b2678f6190d3da6728b7d60c3e70a398dd6
                                                  • Instruction Fuzzy Hash: 1B014F30E462489FCB08DBB5C4909EFBF76EFC6204F1499A9804167295CB345A429A44
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.707596182.0000000008560000.00000040.00000001.sdmp, Offset: 08560000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f19faae182b02b5b2e93179dd9722044c7c794c32b578a31ca3105f6dca63cd8
                                                  • Instruction ID: c9adff65875534f3a722fb2f3806b5e2180b9192b38a185dd079dc9ed2f05d1f
                                                  • Opcode Fuzzy Hash: f19faae182b02b5b2e93179dd9722044c7c794c32b578a31ca3105f6dca63cd8
                                                  • Instruction Fuzzy Hash: 9511CEB4D01209DFCB48DFAAC5408AEFBF6BF88321F14C5A9D815A7215D7309A92CF61
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.705369032.0000000005590000.00000040.00000001.sdmp, Offset: 05590000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 75b279fdd1f8dc097bef8e683703090b8fe6fec9b4b8a32a23ace04cdd3d0636
                                                  • Instruction ID: 3a2e13efeb3fb7e78fc80e7cd74ffabfd07460699c2370908e2a7cbf132d2806
                                                  • Opcode Fuzzy Hash: 75b279fdd1f8dc097bef8e683703090b8fe6fec9b4b8a32a23ace04cdd3d0636
                                                  • Instruction Fuzzy Hash: 97014F70D99248DFCF2ACB98C1445BCBBB6BB86301F1085A9C8435B351C7345E45EB90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.705369032.0000000005590000.00000040.00000001.sdmp, Offset: 05590000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a4adef227b1869fdd27ef04a095d8d7f5baee59902dad07d922c4dab9991fed6
                                                  • Instruction ID: eafefc501fb1d963460d1afc9ebfcec71da7de319890e5ac8c29b8b5d06ae903
                                                  • Opcode Fuzzy Hash: a4adef227b1869fdd27ef04a095d8d7f5baee59902dad07d922c4dab9991fed6
                                                  • Instruction Fuzzy Hash: DF0128B0D093898FCF06DFA9C4545ADBFB1FF86300F1981EAC8459B252D2395E09CB62
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.705369032.0000000005590000.00000040.00000001.sdmp, Offset: 05590000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ca061c4955bcbc3ac6db9231aa7a1e235bb9fa8dd4ea6f143ce140e932600b49
                                                  • Instruction ID: 18d452a34fbb548685fa7968f309a4d7d9a97010587514477e497a5ed3deb551
                                                  • Opcode Fuzzy Hash: ca061c4955bcbc3ac6db9231aa7a1e235bb9fa8dd4ea6f143ce140e932600b49
                                                  • Instruction Fuzzy Hash: B9017834D19248DFCB18DFA8C408AAEBFB0FF06310F1495AAC825AB261C7349905DB40
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.707596182.0000000008560000.00000040.00000001.sdmp, Offset: 08560000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 0b22f20f4b8224e6ab6a74d34076ae0250710871306ec3e97c5787593cab128d
                                                  • Instruction ID: ad9217bd1dbc2d1df1143a44c9c9bd3a97eb94986e6dbff2d8acb9cd99d1c6c3
                                                  • Opcode Fuzzy Hash: 0b22f20f4b8224e6ab6a74d34076ae0250710871306ec3e97c5787593cab128d
                                                  • Instruction Fuzzy Hash: 76011638A04248EFCB05DFA9C588A9DBFF1FF49210F1981D9D8489B362CA31D950CB41
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.707596182.0000000008560000.00000040.00000001.sdmp, Offset: 08560000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 6640854fae2ded1f85d8a0f131f722d8ab16192f530df38004c19683d40a405e
                                                  • Instruction ID: 7141e0b94c7d57b508c5d1f631829810cdb7751def5809d59014282aefcffa28
                                                  • Opcode Fuzzy Hash: 6640854fae2ded1f85d8a0f131f722d8ab16192f530df38004c19683d40a405e
                                                  • Instruction Fuzzy Hash: 18014B34D04208DFCB44DFA5D555AADBBB6FB85325F10D5A9C41567281DB305A50CB80
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.705369032.0000000005590000.00000040.00000001.sdmp, Offset: 05590000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: aac2c7eb7aea8c838098d6186277c34361cea06439194e4cd3c583a6c40aafff
                                                  • Instruction ID: ff3bb9cefb61729baa31d7b51499055b6b9affa04442d316a4001f66257a7e0c
                                                  • Opcode Fuzzy Hash: aac2c7eb7aea8c838098d6186277c34361cea06439194e4cd3c583a6c40aafff
                                                  • Instruction Fuzzy Hash: D9F06D34D05208DFCF18DFA8C044AAEBBB5FB05301F1194A9D815AB350D7349E40CF81
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.705369032.0000000005590000.00000040.00000001.sdmp, Offset: 05590000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ddeb0fd53f5dfa7ec79e644b35757f7ed5fabc5936cdb89257c379e0227f6a37
                                                  • Instruction ID: 0ecd2d8cafb1b61a0c36a27d76023927d4a2972911cae245fa9799798ec58d6d
                                                  • Opcode Fuzzy Hash: ddeb0fd53f5dfa7ec79e644b35757f7ed5fabc5936cdb89257c379e0227f6a37
                                                  • Instruction Fuzzy Hash: 4A014274D09208DFCB14DFA8D0485ADBFB2FF4A300F1485AAC855A7352C6351A15DB42
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.707596182.0000000008560000.00000040.00000001.sdmp, Offset: 08560000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 3a681dd3cd8f5d50ad2666555a53a81dad22f872bc99e02d0c03e1ff17386daf
                                                  • Instruction ID: 5823593e04f4f1065317bac2cfe0afb4d14b60809927812ef8e68700898ef591
                                                  • Opcode Fuzzy Hash: 3a681dd3cd8f5d50ad2666555a53a81dad22f872bc99e02d0c03e1ff17386daf
                                                  • Instruction Fuzzy Hash: E7F01774805288EFCB02EBB8D5609AEBFB1FF0A311F1046EAD854A7312C3758A10DF41
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.707596182.0000000008560000.00000040.00000001.sdmp, Offset: 08560000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 96ec91d1acbebce72f881f86eb16a1fb77e6b59edd3a970c29e7d5f413832631
                                                  • Instruction ID: 770b0e859829dade0a03b6d6cfca05f4555e7ea29f747669b0d5fd176565ac84
                                                  • Opcode Fuzzy Hash: 96ec91d1acbebce72f881f86eb16a1fb77e6b59edd3a970c29e7d5f413832631
                                                  • Instruction Fuzzy Hash: 8FF06278A00209EFCB44DFA9C588A9DFBF5FF88200F15C19899089B361DA31E951CB40
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.705369032.0000000005590000.00000040.00000001.sdmp, Offset: 05590000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 896a7b47c78a0b9998e73ae5e91c87b7a3257c7783ad954d064ec4e6a4b8c7ab
                                                  • Instruction ID: 8817d44bc5a017038749d34d6a36bb34468d9f610fa5e9dac5c1bd86e4313ce9
                                                  • Opcode Fuzzy Hash: 896a7b47c78a0b9998e73ae5e91c87b7a3257c7783ad954d064ec4e6a4b8c7ab
                                                  • Instruction Fuzzy Hash: 81F01474905249DFCB11CBA8C498A9DBFB0FB0A220B158AD9D814AB315C634AA05DB91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.705369032.0000000005590000.00000040.00000001.sdmp, Offset: 05590000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8fd4bf890e7e3f5834c81a0b46b8477b7efdf8d23f15958ac184acddb08a1cce
                                                  • Instruction ID: 6166c492e4b3afebee4f742da72cd6e51adc78a29dca00acbf0141cc05867fc7
                                                  • Opcode Fuzzy Hash: 8fd4bf890e7e3f5834c81a0b46b8477b7efdf8d23f15958ac184acddb08a1cce
                                                  • Instruction Fuzzy Hash: 18F04934A0624A9FCB05DFA8C5805ADBFB2FF45200F2086DA88446B355CB30AE46CB81
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 0000000A.00000002.705369032.0000000005590000.00000040.00000001.sdmp, Offset: 05590000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b1edbb5fcdb159ae04d77de81525b866e6cf26497bdd718c6b43bbcfb706592c
                                                  • Instruction ID: 59c3bff6c1544962a0c78ad2c801a82272d05f01b6fcd3677b6d0d5acce0c1e9
                                                  • Opcode Fuzzy Hash: b1edbb5fcdb159ae04d77de81525b866e6cf26497bdd718c6b43bbcfb706592c
                                                  • Instruction Fuzzy Hash: 06F0DA74D0120DDFCB04DF99D5849AEFBB5FF84300F208699881467344DB70AE41CB91
                                                  Uniqueness

                                                  Non-executed Functions