Windows Analysis Report INVOLVEMENT.exe

Overview

General Information

Sample Name: INVOLVEMENT.exe
Analysis ID: 526567
MD5: bd2f16abb91e630650edde48326c8acd
SHA1: fcf6e8948581551fa2f5968dfbbc4a4b6dca58e4
SHA256: fe70d2ffe406d987e41c2bdd2a1cb5d9c34b4e22914410603423073055116d5b
Tags: exe, NanoCore

Detection

Nanocore
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Sigma detected: NanoCore
Yara detected AntiVM3
Detected Nanocore Rat
Multi AV Scanner detection for dropped file
Yara detected Nanocore RAT
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Sigma detected: Suspicius Add Task From User AppData Temp
Injects a PE file into a foreign processes
Sigma detected: Powershell Defender Exclusion
Adds a directory exclusion to Windows Defender
Hides that the sample has been downloaded from the Internet (zone.identifier)
Uses schtasks.exe or at.exe to add and modify task schedules
Uses dynamic DNS services
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
Contains long sleeps (>= 3 min)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Installs a raw input device (often for capturing keystrokes)
Sample file is different than original file name gathered from version info
Drops PE files
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Detected TCP or UDP traffic on non-standard ports
Creates a process in suspended mode (likely to inject code)

Process Tree

  • System is w10x64
  • INVOLVEMENT.exe (PID: 5580 cmdline: "C:\Users\user\Desktop\INVOLVEMENT.exe" MD5: BD2F16ABB91E630650EDDE48326C8ACD)
    • powershell.exe (PID: 6056 cmdline: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\INVOLVEMENT.exe MD5: DBA3E6449E97D4E3DF64527EF7012A10)
      • conhost.exe (PID: 6084 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • powershell.exe (PID: 1068 cmdline: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\nBhOjXWgK.exe MD5: DBA3E6449E97D4E3DF64527EF7012A10)
      • conhost.exe (PID: 6488 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • schtasks.exe (PID: 4140 cmdline: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\nBhOjXWgK" /XML "C:\Users\user\AppData\Local\Temp\tmp62E5.tmp MD5: 15FF7D8324231381BAD48A052F85DF04)
      • conhost.exe (PID: 5332 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • INVOLVEMENT.exe (PID: 6672 cmdline: C:\Users\user\Desktop\INVOLVEMENT.exe MD5: BD2F16ABB91E630650EDDE48326C8ACD)
    • INVOLVEMENT.exe (PID: 6736 cmdline: C:\Users\user\Desktop\INVOLVEMENT.exe MD5: BD2F16ABB91E630650EDDE48326C8ACD)
  • dhcpmon.exe (PID: 1384 cmdline: "C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe" MD5: BD2F16ABB91E630650EDDE48326C8ACD)
    • schtasks.exe (PID: 5760 cmdline: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\nBhOjXWgK" /XML "C:\Users\user\AppData\Local\Temp\tmpE4A8.tmp MD5: 15FF7D8324231381BAD48A052F85DF04)
      • conhost.exe (PID: 6124 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • dhcpmon.exe (PID: 6252 cmdline: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe MD5: BD2F16ABB91E630650EDDE48326C8ACD)
    • dhcpmon.exe (PID: 1312 cmdline: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe MD5: BD2F16ABB91E630650EDDE48326C8ACD)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
0000000D.00000002.404832379.0000000003BF1000.00000004.00000001.sdmp | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth
  • 0x6d135:$x1: NanoCore.ClientPluginHost
  • 0x9fb55:$x1: NanoCore.ClientPluginHost
  • 0x6d172:$x2: IClientNetworkHost
  • 0x9fb92:$x2: IClientNetworkHost
  • 0x70ca5:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
  • 0xa36c5:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
0000000D.00000002.404832379.0000000003BF1000.00000004.00000001.sdmp | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security
    0000000D.00000002.404832379.0000000003BF1000.00000004.00000001.sdmp | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net>
    • 0x6ce9d:$a: NanoCore
    • 0x6cead:$a: NanoCore
    • 0x6d0e1:$a: NanoCore
    • 0x6d0f5:$a: NanoCore
    • 0x6d135:$a: NanoCore
    • 0x9f8bd:$a: NanoCore
    • 0x9f8cd:$a: NanoCore
    • 0x9fb01:$a: NanoCore
    • 0x9fb15:$a: NanoCore
    • 0x9fb55:$a: NanoCore
    • 0x6cefc:$b: ClientPlugin
    • 0x6d0fe:$b: ClientPlugin
    • 0x6d13e:$b: ClientPlugin
    • 0x9f91c:$b: ClientPlugin
    • 0x9fb1e:$b: ClientPlugin
    • 0x9fb5e:$b: ClientPlugin
    • 0x6d023:$c: ProjectData
    • 0x9fa43:$c: ProjectData
    • 0x6da2a:$d: DESCrypto
    • 0xa044a:$d: DESCrypto
    • 0x753f6:$e: KeepAlive
    00000011.00000002.414866902.0000000004431000.00000004.00000001.sdmp | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security
      00000011.00000002.414866902.0000000004431000.00000004.00000001.sdmp | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net>
      • 0x493e5:$a: NanoCore
      • 0x4943e:$a: NanoCore
      • 0x4947b:$a: NanoCore
      • 0x494f4:$a: NanoCore
      • 0x5cb9f:$a: NanoCore
      • 0x5cbb4:$a: NanoCore
      • 0x5cbe9:$a: NanoCore
      • 0x7566b:$a: NanoCore
      • 0x75680:$a: NanoCore
      • 0x756b5:$a: NanoCore
      • 0x49447:$b: ClientPlugin
      • 0x49484:$b: ClientPlugin
      • 0x49d82:$b: ClientPlugin
      • 0x49d8f:$b: ClientPlugin
      • 0x5c95b:$b: ClientPlugin
      • 0x5c976:$b: ClientPlugin
      • 0x5c9a6:$b: ClientPlugin
      • 0x5cbbd:$b: ClientPlugin
      • 0x5cbf2:$b: ClientPlugin
      • 0x75427:$b: ClientPlugin
      • 0x75442:$b: ClientPlugin

      Unpacked PEs

      Source | Rule | Description | Author | Strings
      17.2.dhcpmon.exe.3453dc4.2.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth
      • 0xe75:$x1: NanoCore.ClientPluginHost
      • 0xe8f:$x2: IClientNetworkHost
      17.2.dhcpmon.exe.3453dc4.2.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth
      • 0xe75:$x2: NanoCore.ClientPluginHost
      • 0x1261:$s3: PipeExists
      • 0x1136:$s4: PipeCreated
      • 0xeb0:$s5: IClientLoggingHost
      17.2.dhcpmon.exe.447e43c.4.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth
      • 0xd9ad:$x1: NanoCore.ClientPluginHost
      • 0xd9da:$x2: IClientNetworkHost
      17.2.dhcpmon.exe.447e43c.4.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth
      • 0xd9ad:$x2: NanoCore.ClientPluginHost
      • 0xea88:$s4: PipeCreated
      • 0xd9c7:$s5: IClientLoggingHost
      17.2.dhcpmon.exe.447e43c.4.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security

        Sigma Overview

        AV Detection:

        Sigma detected: NanoCore
        Source: File created, Author: Joe Security, Data: EventID: 11, Image: C:\Users\user\Desktop\INVOLVEMENT.exe, ProcessId: 6736, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

        E-Banking Fraud:

        Sigma detected: NanoCore
        Source: File created, Author: Joe Security, Data: EventID: 11, Image: C:\Users\user\Desktop\INVOLVEMENT.exe, ProcessId: 6736, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

        System Summary:

        Sigma detected: Suspicius Add Task From User AppData Temp
        Source: Process started, Author: frack113, Data: Command: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\nBhOjXWgK" /XML "C:\Users\user\AppData\Local\Temp\tmp62E5.tmp, CommandLine: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\nBhOjXWgK" /XML "C:\Users\user\AppData\Local\Temp\tmp62E5.tmp, CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\INVOLVEMENT.exe" , ParentImage: C:\Users\user\Desktop\INVOLVEMENT.exe, ParentProcessId: 5580, ProcessCommandLine: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\nBhOjXWgK" /XML "C:\Users\user\AppData\Local\Temp\tmp62E5.tmp, ProcessId: 4140
        Sigma detected: Powershell Defender Exclusion
        Source: Process started, Author: Florian Roth, Data: Command: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\INVOLVEMENT.exe, CommandLine: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\INVOLVEMENT.exe, CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\INVOLVEMENT.exe" , ParentImage: C:\Users\user\Desktop\INVOLVEMENT.exe, ParentProcessId: 5580, ProcessCommandLine: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\INVOLVEMENT.exe, ProcessId: 6056
        Sigma detected: Non Interactive PowerShell
        Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements), Data: Command: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\INVOLVEMENT.exe, CommandLine: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\INVOLVEMENT.exe, CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\INVOLVEMENT.exe" , ParentImage: C:\Users\user\Desktop\INVOLVEMENT.exe, ParentProcessId: 5580, ProcessCommandLine: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\INVOLVEMENT.exe, ProcessId: 6056
        Sigma detected: T1086 PowerShell Execution
        Source: Pipe created, Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research), Data: PipeName: \PSHost.132821099068506126.6056.DefaultAppDomain.powershell

        Stealing of Sensitive Information:

        Sigma detected: NanoCore
        Source: File created, Author: Joe Security, Data: EventID: 11, Image: C:\Users\user\Desktop\INVOLVEMENT.exe, ProcessId: 6736, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

        Remote Access Functionality:

        Sigma detected: NanoCore
        Source: File created, Author: Joe Security, Data: EventID: 11, Image: C:\Users\user\Desktop\INVOLVEMENT.exe, ProcessId: 6736, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

        Jbx Signature Overview

        AV Detection:

        Multi AV Scanner detection for submitted file
        Source: INVOLVEMENT.exe, Virustotal: Detection: 20%
        Source: INVOLVEMENT.exe, ReversingLabs: Detection: 26%
        Multi AV Scanner detection for dropped file
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe, Virustotal: Detection: 20%
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe, ReversingLabs: Detection: 26%
        Source: C:\Users\user\AppData\Roaming\nBhOjXWgK.exe, Virustotal: Detection: 20%
        Source: C:\Users\user\AppData\Roaming\nBhOjXWgK.exe, ReversingLabs: Detection: 26%
        Yara detected Nanocore RAT
        Source: 10.0.INVOLVEMENT.exe.400000.10.unpack, Avira: Label: TR/Dropper.MSIL.Gen7
        Source: 10.0.INVOLVEMENT.exe.400000.12.unpack, Avira: Label: TR/Dropper.MSIL.Gen7
        Source: 10.2.INVOLVEMENT.exe.5bf0000.8.unpack, Avira: Label: TR/NanoCore.fadte
        Source: 10.2.INVOLVEMENT.exe.400000.0.unpack, Avira: Label: TR/Dropper.MSIL.Gen7
        Source: 17.0.dhcpmon.exe.400000.12.unpack, Avira: Label: TR/Dropper.MSIL.Gen7
        Source: 10.0.INVOLVEMENT.exe.400000.8.unpack, Avira: Label: TR/Dropper.MSIL.Gen7
        Source: 10.0.INVOLVEMENT.exe.400000.4.unpack, Avira: Label: TR/Dropper.MSIL.Gen7
        Source: 17.0.dhcpmon.exe.400000.8.unpack, Avira: Label: TR/Dropper.MSIL.Gen7
        Source: 10.0.INVOLVEMENT.exe.400000.6.unpack, Avira: Label: TR/Dropper.MSIL.Gen7
        Source: 17.0.dhcpmon.exe.400000.10.unpack, Avira: Label: TR/Dropper.MSIL.Gen7
        Source: 17.2.dhcpmon.exe.400000.0.unpack, Avira: Label: TR/Dropper.MSIL.Gen7
        Source: 17.0.dhcpmon.exe.400000.4.unpack, Avira: Label: TR/Dropper.MSIL.Gen7
        Source: 17.0.dhcpmon.exe.400000.6.unpack, Avira: Label: TR/Dropper.MSIL.Gen7
        Source: INVOLVEMENT.exe, Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
        Source: C:\Users\user\Desktop\INVOLVEMENT.exe, File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dll
        Source: INVOLVEMENT.exe, Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
        Source: Binary string: indows\mscorlib.pdbpdblib.pdb source: INVOLVEMENT.exe, 0000000A.00000002.576966556.0000000002F45000.00000004.00000040.sdmp

        Networking:

        Uses dynamic DNS services
        Source: unknown, DNS query: name: xylem11.ddns.net
        Source: global traffic, TCP traffic: 192.168.2.3:49747 -> 197.211.58.126:6060
        Source: unknown, UDP traffic detected without corresponding DNS query: 37.235.1.174
        Source: unknown, UDP traffic detected without corresponding DNS query: 37.235.1.177
        Source: dhcpmon.exe, 0000000D.00000002.405546268.0000000004F00000.00000004.00020000.sdmp, String found in binary or memory: http://www.chinhdo.com
        Source: unknown, DNS traffic detected: queries for: xylem11.ddns.net
        Source: INVOLVEMENT.exe, 0000000A.00000002.578282446.000000000433A000.00000004.00000001.sdmp, Binary or memory string: RegisterRawInputDevices

        E-Banking Fraud:

        Yara detected Nanocore RAT

        System Summary:

        Malicious sample detected (through community Yara rule)
        Source: 13.2.dhcpmon.exe.3c4dfa8.3.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 13.2.dhcpmon.exe.3c4dfa8.3.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 17.0.dhcpmon.exe.400000.6.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 17.0.dhcpmon.exe.400000.6.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 0.2.INVOLVEMENT.exe.43d4bf0.3.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 0.2.INVOLVEMENT.exe.43d4bf0.3.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 0000000D.00000002.404832379.0000000003BF1000.00000004.00000001.sdmp, type: MEMORY, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
        Source: 0000000D.00000002.404832379.0000000003BF1000.00000004.00000001.sdmp, type: MEMORY, Matched rule: NanoCore, Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000011.00000002.414866902.0000000004431000.00000004.00000001.sdmp, type: MEMORY, Matched rule: NanoCore, Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000011.00000002.414818453.0000000003431000.00000004.00000001.sdmp, type: MEMORY, Matched rule: NanoCore, Author: Kevin Breen <kevin@techanarchy.net>
        Source: 0000000A.00000000.343625054.0000000000402000.00000040.00000001.sdmp, type: MEMORY, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
        Source: 0000000A.00000000.343625054.0000000000402000.00000040.00000001.sdmp, type: MEMORY, Matched rule: NanoCore, Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000000.00000002.347800123.000000000459B000.00000004.00000001.sdmp, type: MEMORY, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
        Source: 00000000.00000002.347800123.000000000459B000.00000004.00000001.sdmp, type: MEMORY, Matched rule: NanoCore, Author: Kevin Breen <kevin@techanarchy.net>
        Source: 0000000A.00000000.343062798.0000000000402000.00000040.00000001.sdmp, type: MEMORY, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
        Source: 0000000A.00000000.343062798.0000000000402000.00000040.00000001.sdmp, type: MEMORY, Matched rule: NanoCore, Author: Kevin Breen <kevin@techanarchy.net>
        Source: 0000000A.00000002.578282446.000000000433A000.00000004.00000001.sdmp, type: MEMORY, Matched rule: NanoCore, Author: Kevin Breen <kevin@techanarchy.net>
        Source: 0000000A.00000000.342150321.0000000000402000.00000040.00000001.sdmp, type: MEMORY, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
        Source: 0000000A.00000000.342150321.0000000000402000.00000040.00000001.sdmp, type: MEMORY, Matched rule: NanoCore, Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000011.00000000.396841845.0000000000402000.00000040.00000001.sdmp, type: MEMORY, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
        Source: 00000011.00000000.396841845.0000000000402000.00000040.00000001.sdmp, type: MEMORY, Matched rule: NanoCore, Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000011.00000002.413923422.0000000000402000.00000040.00000001.sdmp, type: MEMORY, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
        Source: 00000011.00000002.413923422.0000000000402000.00000040.00000001.sdmp, type: MEMORY, Matched rule: NanoCore, Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000011.00000000.397591882.0000000000402000.00000040.00000001.sdmp, type: MEMORY, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
        Source: 00000011.00000000.397591882.0000000000402000.00000040.00000001.sdmp, type: MEMORY, Matched rule: NanoCore, Author: Kevin Breen <kevin@techanarchy.net>
        Source: 0000000A.00000002.571909993.0000000000402000.00000040.00000001.sdmp, type: MEMORY, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
        Source: 0000000A.00000002.571909993.0000000000402000.00000040.00000001.sdmp, type: MEMORY, Matched rule: NanoCore, Author: Kevin Breen <kevin@techanarchy.net>
        Source: 0000000A.00000000.342497274.0000000000402000.00000040.00000001.sdmp, type: MEMORY, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
        Source: 0000000A.00000000.342497274.0000000000402000.00000040.00000001.sdmp, type: MEMORY, Matched rule: NanoCore, Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000011.00000000.398302623.0000000000402000.00000040.00000001.sdmp, type: MEMORY, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
        Source: 00000011.00000000.398302623.0000000000402000.00000040.00000001.sdmp, type: MEMORY, Matched rule: NanoCore, Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000000.00000002.347406003.000000000432B000.00000004.00000001.sdmp, type: MEMORY, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
        Source: 00000000.00000002.347406003.000000000432B000.00000004.00000001.sdmp, type: MEMORY, Matched rule: NanoCore, Author: Kevin Breen <kevin@techanarchy.net>
        Source: 0000000A.00000002.579366918.0000000005960000.00000004.00020000.sdmp, type: MEMORY, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
        Source: 0000000A.00000002.579427497.0000000005BF0000.00000004.00020000.sdmp, type: MEMORY, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
        Source: 00000011.00000000.398984180.0000000000402000.00000040.00000001.sdmp, type: MEMORY, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
        Source: 00000011.00000000.398984180.0000000000402000.00000040.00000001.sdmp, type: MEMORY, Matched rule: NanoCore, Author: Kevin Breen <kevin@techanarchy.net>
        Source: 0000000D.00000002.404969668.0000000003D05000.00000004.00000001.sdmp, type: MEMORY, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
        Source: 0000000D.00000002.404969668.0000000003D05000.00000004.00000001.sdmp, type: MEMORY, Matched rule: NanoCore, Author: Kevin Breen <kevin@techanarchy.net>
        Source: Process Memory Space: INVOLVEMENT.exe PID: 5580, type: MEMORYSTR, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
        Source: Process Memory Space: INVOLVEMENT.exe PID: 5580, type: MEMORYSTR, Matched rule: NanoCore, Author: Kevin Breen <kevin@techanarchy.net>
        Source: Process Memory Space: INVOLVEMENT.exe PID: 6736, type: MEMORYSTR, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
        Source: Process Memory Space: INVOLVEMENT.exe PID: 6736, type: MEMORYSTR, Matched rule: NanoCore, Author: Kevin Breen <kevin@techanarchy.net>
        Source: Process Memory Space: dhcpmon.exe PID: 1384, type: MEMORYSTR, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
        Source: Process Memory Space: dhcpmon.exe PID: 1384, type: MEMORYSTR, Matched rule: NanoCore, Author: Kevin Breen <kevin@techanarchy.net>
        Source: Process Memory Space: dhcpmon.exe PID: 1312, type: MEMORYSTR, Matched rule: Detetcs the Nanocore RAT, Author: Florian Roth
        Source: Process Memory Space: dhcpmon.exe PID: 1312, type: MEMORYSTR, Matched rule: NanoCore, Author: Kevin Breen <kevin@techanarchy.net>
        Source: INVOLVEMENT.exe, Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
        Source: 17.2.dhcpmon.exe.3453dc4.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 17.2.dhcpmon.exe.3453dc4.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 17.2.dhcpmon.exe.447e43c.4.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 17.2.dhcpmon.exe.447e43c.4.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 10.2.INVOLVEMENT.exe.5960000.6.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 10.2.INVOLVEMENT.exe.5960000.6.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 17.2.dhcpmon.exe.4482a65.5.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 17.2.dhcpmon.exe.4482a65.5.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 10.2.INVOLVEMENT.exe.5bf0000.8.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 10.2.INVOLVEMENT.exe.5bf0000.8.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 10.2.INVOLVEMENT.exe.5bf0000.8.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 10.2.INVOLVEMENT.exe.5bf0000.8.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 10.0.INVOLVEMENT.exe.400000.10.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 10.0.INVOLVEMENT.exe.400000.10.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 10.0.INVOLVEMENT.exe.400000.10.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 10.0.INVOLVEMENT.exe.400000.12.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 10.0.INVOLVEMENT.exe.400000.12.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 10.0.INVOLVEMENT.exe.400000.12.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 10.2.INVOLVEMENT.exe.4349606.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 10.2.INVOLVEMENT.exe.4349606.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 10.2.INVOLVEMENT.exe.4349606.3.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 13.2.dhcpmon.exe.3c809c8.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 13.2.dhcpmon.exe.3c809c8.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 13.2.dhcpmon.exe.3c809c8.2.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 10.2.INVOLVEMENT.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 10.2.INVOLVEMENT.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 10.2.INVOLVEMENT.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 17.0.dhcpmon.exe.400000.12.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 17.0.dhcpmon.exe.400000.12.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 17.0.dhcpmon.exe.400000.12.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 13.2.dhcpmon.exe.3c809c8.2.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 13.2.dhcpmon.exe.3c809c8.2.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 13.2.dhcpmon.exe.3c809c8.2.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 10.2.INVOLVEMENT.exe.434e43c.5.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 10.2.INVOLVEMENT.exe.434e43c.5.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 10.0.INVOLVEMENT.exe.400000.8.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 10.0.INVOLVEMENT.exe.400000.8.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 10.0.INVOLVEMENT.exe.400000.8.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 0.2.INVOLVEMENT.exe.446cc20.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 0.2.INVOLVEMENT.exe.446cc20.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 0.2.INVOLVEMENT.exe.446cc20.2.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 10.0.INVOLVEMENT.exe.400000.4.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 10.0.INVOLVEMENT.exe.400000.4.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 10.0.INVOLVEMENT.exe.400000.4.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 10.0.INVOLVEMENT.exe.400000.6.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 10.0.INVOLVEMENT.exe.400000.6.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 10.0.INVOLVEMENT.exe.400000.6.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 10.2.INVOLVEMENT.exe.434e43c.5.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 10.2.INVOLVEMENT.exe.434e43c.5.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 10.2.INVOLVEMENT.exe.5bf4629.7.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 10.2.INVOLVEMENT.exe.5bf4629.7.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 0.2.INVOLVEMENT.exe.446cc20.2.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 0.2.INVOLVEMENT.exe.446cc20.2.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 0.2.INVOLVEMENT.exe.446cc20.2.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 17.0.dhcpmon.exe.400000.8.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 17.0.dhcpmon.exe.400000.8.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 17.0.dhcpmon.exe.400000.8.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 13.2.dhcpmon.exe.3c4dfa8.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 13.2.dhcpmon.exe.3c4dfa8.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 13.2.dhcpmon.exe.3c4dfa8.3.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 10.2.INVOLVEMENT.exe.4352a65.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 10.2.INVOLVEMENT.exe.4352a65.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 17.0.dhcpmon.exe.400000.10.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 17.0.dhcpmon.exe.400000.10.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 17.0.dhcpmon.exe.400000.10.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 17.2.dhcpmon.exe.4479606.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 17.2.dhcpmon.exe.4479606.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 17.2.dhcpmon.exe.4479606.3.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 17.0.dhcpmon.exe.400000.4.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 17.0.dhcpmon.exe.400000.4.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 17.0.dhcpmon.exe.400000.4.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 17.2.dhcpmon.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 17.2.dhcpmon.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 17.2.dhcpmon.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 10.2.INVOLVEMENT.exe.3311790.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 10.2.INVOLVEMENT.exe.3311790.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 17.2.dhcpmon.exe.447e43c.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 17.2.dhcpmon.exe.447e43c.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 13.2.dhcpmon.exe.3c4dfa8.3.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 13.2.dhcpmon.exe.3c4dfa8.3.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 13.2.dhcpmon.exe.3c4dfa8.3.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 17.0.dhcpmon.exe.400000.6.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 17.0.dhcpmon.exe.400000.6.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 17.0.dhcpmon.exe.400000.6.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 0.2.INVOLVEMENT.exe.43d4bf0.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 0.2.INVOLVEMENT.exe.43d4bf0.3.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 0000000D.00000002.404832379.0000000003BF1000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 0000000D.00000002.404832379.0000000003BF1000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000011.00000002.414866902.0000000004431000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000011.00000002.414818453.0000000003431000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 0000000A.00000000.343625054.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 0000000A.00000000.343625054.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000000.00000002.347800123.000000000459B000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 00000000.00000002.347800123.000000000459B000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 0000000A.00000000.343062798.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 0000000A.00000000.343062798.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 0000000A.00000002.578282446.000000000433A000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 0000000A.00000000.342150321.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 0000000A.00000000.342150321.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000011.00000000.396841845.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 00000011.00000000.396841845.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000011.00000002.413923422.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 00000011.00000002.413923422.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000011.00000000.397591882.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 00000011.00000000.397591882.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 0000000A.00000002.571909993.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 0000000A.00000002.571909993.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 0000000A.00000000.342497274.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 0000000A.00000000.342497274.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000011.00000000.398302623.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 00000011.00000000.398302623.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000000.00000002.347406003.000000000432B000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 00000000.00000002.347406003.000000000432B000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 0000000A.00000002.579366918.0000000005960000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 0000000A.00000002.579366918.0000000005960000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 0000000A.00000002.579427497.0000000005BF0000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 0000000A.00000002.579427497.0000000005BF0000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 00000011.00000000.398984180.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 00000011.00000000.398984180.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 0000000D.00000002.404969668.0000000003D05000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 0000000D.00000002.404969668.0000000003D05000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: Process Memory Space: INVOLVEMENT.exe PID: 5580, type: MEMORYSTRMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: Process Memory Space: INVOLVEMENT.exe PID: 5580, type: MEMORYSTRMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: Process Memory Space: INVOLVEMENT.exe PID: 6736, type: MEMORYSTRMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: Process Memory Space: INVOLVEMENT.exe PID: 6736, type: MEMORYSTRMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: Process Memory Space: dhcpmon.exe PID: 1384, type: MEMORYSTRMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: Process Memory Space: dhcpmon.exe PID: 1384, type: MEMORYSTRMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: Process Memory Space: dhcpmon.exe PID: 1312, type: MEMORYSTRMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: Process Memory Space: dhcpmon.exe PID: 1312, type: MEMORYSTRMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeCode function: 0_2_05B201AE NtQuerySystemInformation,0_2_05B201AE
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeCode function: 0_2_05B2017D NtQuerySystemInformation,0_2_05B2017D
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeCode function: 10_2_055F17F2 NtQuerySystemInformation,10_2_055F17F2
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeCode function: 10_2_055F17B7 NtQuerySystemInformation,10_2_055F17B7
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 13_2_05590272 NtQuerySystemInformation,13_2_05590272
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 13_2_05590250 NtQuerySystemInformation,13_2_05590250
        Source: INVOLVEMENT.exe, 00000000.00000000.302324896.0000000000B8E000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameTimerQue.exe6 vs INVOLVEMENT.exe
        Source: INVOLVEMENT.exe, 00000000.00000002.348314072.0000000005950000.00000004.00020000.sdmpBinary or memory string: OriginalFilenameUI.dll@ vs INVOLVEMENT.exe
        Source: INVOLVEMENT.exe, 00000000.00000002.348114495.00000000057B0000.00000004.00020000.sdmpBinary or memory string: OriginalFilenameTransactionalFileManager.dllf# vs INVOLVEMENT.exe
        Source: INVOLVEMENT.exe, 00000008.00000000.329600570.00000000002CE000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameTimerQue.exe6 vs INVOLVEMENT.exe
        Source: INVOLVEMENT.exe, 0000000A.00000000.330469021.0000000000BBE000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameTimerQue.exe6 vs INVOLVEMENT.exe
        Source: INVOLVEMENT.exe, 0000000A.00000002.578282446.000000000433A000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameClientPlugin.dll4 vs INVOLVEMENT.exe
        Source: INVOLVEMENT.exe, 0000000A.00000002.578282446.000000000433A000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameLzma#.dll4 vs INVOLVEMENT.exe
        Source: INVOLVEMENT.exe, 0000000A.00000002.578282446.000000000433A000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameSurveillanceExClientPlugin.dll4 vs INVOLVEMENT.exe
        Source: INVOLVEMENT.exe, 0000000A.00000002.573732295.0000000001198000.00000004.00000020.sdmpBinary or memory string: OriginalFilenamemscorwks.dllT vs INVOLVEMENT.exe
        Source: INVOLVEMENT.exeBinary or memory string: OriginalFilenameTimerQue.exe6 vs INVOLVEMENT.exe
        Source: INVOLVEMENT.exeVirustotal: Detection: 20%
        Source: INVOLVEMENT.exeReversingLabs: Detection: 26%
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeFile read: C:\Users\user\Desktop\INVOLVEMENT.exe
        Source: INVOLVEMENT.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
        Source: unknownProcess created: C:\Users\user\Desktop\INVOLVEMENT.exe "C:\Users\user\Desktop\INVOLVEMENT.exe"
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\INVOLVEMENT.exe
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\nBhOjXWgK.exe
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeProcess created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\nBhOjXWgK" /XML "C:\Users\user\AppData\Local\Temp\tmp62E5.tmp
        Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeProcess created: C:\Users\user\Desktop\INVOLVEMENT.exe C:\Users\user\Desktop\INVOLVEMENT.exe
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeProcess created: C:\Users\user\Desktop\INVOLVEMENT.exe C:\Users\user\Desktop\INVOLVEMENT.exe
        Source: unknownProcess created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe "C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe"
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\nBhOjXWgK" /XML "C:\Users\user\AppData\Local\Temp\tmpE4A8.tmp
        Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeCode function: 0_2_05B20032 AdjustTokenPrivileges,0_2_05B20032
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeCode function: 0_2_05B20006 AdjustTokenPrivileges,0_2_05B20006
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeCode function: 10_2_055F15B2 AdjustTokenPrivileges,10_2_055F15B2
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeCode function: 10_2_055F157B AdjustTokenPrivileges,10_2_055F157B
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 13_2_05590032 AdjustTokenPrivileges,13_2_05590032
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 13_2_05590006 AdjustTokenPrivileges,13_2_05590006
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeFile created: C:\Users\user\AppData\Roaming\nBhOjXWgK.exe
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeFile created: C:\Users\user\AppData\Local\Temp\tmp62E5.tmp
        Source: classification engineClassification label: mal100.troj.evad.winEXE@22/16@18/2
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeFile read: C:\Users\user\Desktop\desktop.ini
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6124:120:WilError_01
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeMutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeMutant created: \Sessions\1\BaseNamedObjects\Global\{c4afdd80-044c-461e-b039-4c4a56bfb9b5}
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6084:120:WilError_01
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5332:120:WilError_01
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeMutant created: \Sessions\1\BaseNamedObjects\zxrOjxkkZVvLmaBhYbteq
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6488:120:WilError_01
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeFile created: C:\Program Files (x86)\DHCP Monitor
        Source: Window RecorderWindow detected: More than 3 window changes detected
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeFile opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeFile opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dll
        Source: INVOLVEMENT.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
        Source: INVOLVEMENT.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
        Source: Binary string: indows\mscorlib.pdbpdblib.pdb source: INVOLVEMENT.exe, 0000000A.00000002.576966556.0000000002F45000.00000004.00000040.sdmp
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeCode function: 0_2_02CB00C3 push cs; retf 0_2_02CB00C6
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeCode function: 0_2_02CB02A3 push cs; retf 0_2_02CB038A
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeCode function: 0_2_05329BA7 push esi; ret 0_2_05329BA8
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeCode function: 0_2_053266C8 push 0940C66Dh; ret 0_2_053266CE
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeCode function: 10_2_013B2DFD push edi; ret 10_2_013B2DFE
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeCode function: 10_2_013B2DF1 push edi; ret 10_2_013B2DF2
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeCode function: 10_2_013B2875 push edi; ret 10_2_013B2882
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeCode function: 10_2_013B2D6C push ecx; ret 10_2_013B2D6E
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeCode function: 10_2_013B28E1 push edi; ret 10_2_013B28E2
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeCode function: 10_2_013B27D8 push eax; ret 10_2_013B27DA
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeCode function: 10_2_013B2D91 push eax; ret 10_2_013B2D92
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeCode function: 10_2_013B2FD0 push eax; ret 10_2_013B2FD6
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeCode function: 10_2_013B288D push edi; ret 10_2_013B288E
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeCode function: 10_2_013B2D84 push ecx; ret 10_2_013B2D86
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeCode function: 10_2_013C9D76 pushad ; retf 10_2_013C9D79
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeCode function: 10_2_054C902D push ebx; ret 10_2_054C902E
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 13_2_02662EA1 push edi; ret 13_2_02662EA2
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 13_2_026629AD push edi; ret 13_2_026629AE
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 13_2_02662CED push eax; ret 13_2_02662CEE
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 13_2_02662D69 push eax; ret 13_2_02662D72
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 13_2_026629F4 push ecx; ret 13_2_026629F6
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 13_2_02662A30 push ecx; ret 13_2_02662A32
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 13_2_02662E00 push eax; ret 13_2_02662E06
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 13_2_02662941 push edi; ret 13_2_02662942
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 13_2_02662B09 push eax; ret 13_2_02662B0A
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 13_2_02662C98 push eax; ret 13_2_02662C9A
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 13_2_02677BE4 push ecx; ret 13_2_02677BE5
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 13_2_02677BE8 push ebp; ret 13_2_02677BE9
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 13_2_026A0870 push 00000002h; retf 13_2_026A0968
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 13_2_026A096A push 00000002h; ret 13_2_026A098C
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 13_2_026A0993 push 00000002h; retf 13_2_026A0968
        Source: initial sampleStatic PE information: section name: .text entropy: 7.29580618923
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeFile created: C:\Users\user\AppData\Roaming\nBhOjXWgK.exe
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeFile created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe

        Boot Survival:

        Uses schtasks.exe or at.exe to add and modify task schedules
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeProcess created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\nBhOjXWgK" /XML "C:\Users\user\AppData\Local\Temp\tmp62E5.tmp

        Hooking and other Techniques for Hiding and Protection:

        Hides that the sample has been downloaded from the Internet (zone.identifier)
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeFile opened: C:\Users\user\Desktop\INVOLVEMENT.exe:Zone.Identifier read attributes | deleteJump to behavior
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\INVOLVEMENT.exe; Process information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe; Process information set: NOOPENFILEERRORBOX

        Malware Analysis System Evasion:

        Yara detected AntiVM3
        Source: Yara match; File source: 0.2.INVOLVEMENT.exe.31f6078.1.raw.unpack, type: UNPACKEDPE
        Source: Yara match; File source: 13.2.dhcpmon.exe.2bf608c.1.raw.unpack, type: UNPACKEDPE
        Source: Yara match; File source: 0000000D.00000002.402010571.0000000002BF1000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara match; File source: 00000000.00000002.346333050.00000000032F0000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara match; File source: 00000000.00000002.346030593.00000000031F1000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara match; File source: 0000000D.00000002.402185132.0000000002CEA000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara match; File source: Process Memory Space: INVOLVEMENT.exe PID: 5580, type: MEMORYSTR
        Source: Yara match; File source: Process Memory Space: dhcpmon.exe PID: 1384, type: MEMORYSTR
        Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
        Source: INVOLVEMENT.exe, 00000000.00000002.346333050.00000000032F0000.00000004.00000001.sdmp, dhcpmon.exe, 0000000D.00000002.402010571.0000000002BF1000.00000004.00000001.sdmp; Binary or memory string: SBIEDLL.DLL
        Source: INVOLVEMENT.exe, 00000000.00000002.346333050.00000000032F0000.00000004.00000001.sdmp, dhcpmon.exe, 0000000D.00000002.402010571.0000000002BF1000.00000004.00000001.sdmp; Binary or memory string: KERNEL32.DLL.WINE_GET_UNIX_FILE_NAME
        Source: C:\Users\user\Desktop\INVOLVEMENT.exe TID: 5860; Thread sleep time: -35764s >= -30000s
        Source: C:\Users\user\Desktop\INVOLVEMENT.exe TID: 3676; Thread sleep time: -922337203685477s >= -30000s
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3940; Thread sleep time: -7378697629483816s >= -30000s
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6516; Thread sleep time: -922337203685477s >= -30000s
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 1880; Thread sleep count: 5013 > 30
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 4504; Thread sleep time: -2767011611056431s >= -30000s
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2832; Thread sleep count: 513 > 30
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5380; Thread sleep time: -922337203685477s >= -30000s
        Source: C:\Users\user\Desktop\INVOLVEMENT.exe TID: 4412; Thread sleep time: -1844674407370954s >= -30000s
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 6068; Thread sleep time: -36692s >= -30000s
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 6340; Thread sleep time: -922337203685477s >= -30000s
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 6492; Thread sleep time: -922337203685477s >= -30000s
        Source: C:\Windows\System32\conhost.exe; Last function: Thread delayed
        Source: C:\Users\user\Desktop\INVOLVEMENT.exe; Thread delayed: delay time: 922337203685477
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Thread delayed: delay time: 922337203685477
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe; Thread delayed: delay time: 922337203685477
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Window / User API: threadDelayed 6247
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Window / User API: threadDelayed 622
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Window / User API: threadDelayed 5013
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Window / User API: threadDelayed 513
        Source: C:\Users\user\Desktop\INVOLVEMENT.exe; Window / User API: foregroundWindowGot 841
        Source: C:\Users\user\Desktop\INVOLVEMENT.exe; Process information queried: ProcessInformation
        Source: C:\Users\user\Desktop\INVOLVEMENT.exe; Code function: 10_2_055F12DA GetSystemInfo,10_2_055F12DA
        Source: C:\Users\user\Desktop\INVOLVEMENT.exe; Thread delayed: delay time: 35764
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe; Thread delayed: delay time: 36692
        Source: dhcpmon.exe, 0000000D.00000002.402010571.0000000002BF1000.00000004.00000001.sdmp; Binary or memory string: VMware SVGA IIBAdd-MpPreference -ExclusionPath "
        Source: dhcpmon.exe, 0000000D.00000002.402010571.0000000002BF1000.00000004.00000001.sdmp; Binary or memory string: InstallPathJC:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
        Source: dhcpmon.exe, 0000000D.00000002.402010571.0000000002BF1000.00000004.00000001.sdmp; Binary or memory string: vmware
        Source: INVOLVEMENT.exe, 0000000A.00000002.575601362.0000000001204000.00000004.00000020.sdmp; Binary or memory string: Hyper-V RAW
        Source: dhcpmon.exe, 0000000D.00000002.401313936.0000000000BD8000.00000004.00000020.sdmp; Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
        Source: INVOLVEMENT.exe, 0000000A.00000002.575601362.0000000001204000.00000004.00000020.sdmp; Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
        Source: dhcpmon.exe, 0000000D.00000002.402010571.0000000002BF1000.00000004.00000001.sdmp; Binary or memory string: VMWAREDSOFTWARE\VMware, Inc.\VMware Tools
        Source: C:\Users\user\Desktop\INVOLVEMENT.exe; Process token adjusted: Debug
        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Process token adjusted: Debug
        Source: C:\Users\user\Desktop\INVOLVEMENT.exe; Memory allocated: page read and write | page guard

        HIPS / PFW / Operating System Protection Evasion:

        Injects a PE file into a foreign processes
        Source: C:\Users\user\Desktop\INVOLVEMENT.exe; Memory written: C:\Users\user\Desktop\INVOLVEMENT.exe base: 400000 value starts with: 4D5A
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe; Memory written: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe base: 400000 value starts with: 4D5A
        Adds a directory exclusion to Windows Defender
        Source: C:\Users\user\Desktop\INVOLVEMENT.exe; Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\INVOLVEMENT.exe"
        Source: C:\Users\user\Desktop\INVOLVEMENT.exe; Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\nBhOjXWgK.exe"
        Source: C:\Users\user\Desktop\INVOLVEMENT.exe; Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\nBhOjXWgK" /XML "C:\Users\user\AppData\Local\Temp\tmp62E5.tmp"
        Source: C:\Users\user\Desktop\INVOLVEMENT.exe; Process created: C:\Users\user\Desktop\INVOLVEMENT.exe C:\Users\user\Desktop\INVOLVEMENT.exe
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe; Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\nBhOjXWgK" /XML "C:\Users\user\AppData\Local\Temp\tmpE4A8.tmp"
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe; Process created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
        Source: INVOLVEMENT.exe, 0000000A.00000002.577337820.000000000338F000.00000004.00000001.sdmp; Binary or memory string: Program Manager
        Source: INVOLVEMENT.exe, 0000000A.00000002.576732447.0000000001A10000.00000002.00020000.sdmp; Binary or memory string: Shell_TrayWnd
        Source: INVOLVEMENT.exe, 0000000A.00000002.576732447.0000000001A10000.00000002.00020000.sdmp; Binary or memory string: Progman
        Source: INVOLVEMENT.exe, 0000000A.00000002.576732447.0000000001A10000.00000002.00020000.sdmp; Binary or memory string: Progmanlock
        Source: INVOLVEMENT.exe, 0000000A.00000002.575601362.0000000001204000.00000004.00000020.sdmp; Binary or memory string: Program Managert$
        Source: INVOLVEMENT.exe, 0000000A.00000002.577337820.000000000338F000.00000004.00000001.sdmp; Binary or memory string: Program Manager@|
        Source: C:\Users\user\Desktop\INVOLVEMENT.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

        Stealing of Sensitive Information:

        Yara detected Nanocore RAT

        Remote Access Functionality:

        Detected Nanocore Rat
        Source: INVOLVEMENT.exe, 00000000.00000002.347800123.000000000459B000.00000004.00000001.sdmp String found in binary or memory: NanoCore.ClientPluginHost
        Source: INVOLVEMENT.exe, 0000000A.00000000.343625054.0000000000402000.00000040.00000001.sdmp String found in binary or memory: NanoCore.ClientPluginHost
        Source: dhcpmon.exe, 0000000D.00000002.404832379.0000000003BF1000.00000004.00000001.sdmp String found in binary or memory: NanoCore.ClientPluginHost
        Source: dhcpmon.exe, 00000011.00000002.414866902.0000000004431000.00000004.00000001.sdmp String found in binary or memory: NanoCore.ClientPluginHost
        Yara detected Nanocore RAT
        Source: C:\Users\user\Desktop\INVOLVEMENT.exe Code function: 10_2_055F2CBE bind,10_2_055F2CBE
        Source: C:\Users\user\Desktop\INVOLVEMENT.exe Code function: 10_2_055F2C7D bind,10_2_055F2C7D

        Mitre Att&ck Matrix

        Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
        Valid Accounts | Scheduled Task/Job 1 | Scheduled Task/Job 1 | Access Token Manipulation 1 | Masquerading 2 | Input Capture 11 | Security Software Discovery 21 | Remote Services | Input Capture 11 | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
        Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Process Injection 112 | Disable or Modify Tools 11 | LSASS Memory | Process Discovery 2 | Remote Desktop Protocol | Archive Collected Data 1 | Exfiltration Over Bluetooth | Non-Standard Port 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
        Domain Accounts | At (Linux) | Logon Script (Windows) | Scheduled Task/Job 1 | Virtualization/Sandbox Evasion 21 | Security Account Manager | Virtualization/Sandbox Evasion 21 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Remote Access Software 1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
        Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Access Token Manipulation 1 | NTDS | Application Window Discovery 1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Non-Application Layer Protocol 1 | SIM Card Swap | | Carrier Billing Fraud
        Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Process Injection 112 | LSA Secrets | File and Directory Discovery 1 | SSH | Keylogging | Data Transfer Size Limits | Application Layer Protocol 11 | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
        Replication Through Removable Media | Launchd | Rc.common | Rc.common | Hidden Files and Directories 1 | Cached Domain Credentials | System Information Discovery 13 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
        External Remote Services | Scheduled Task | Startup Items | Startup Items | Obfuscated Files or Information 2 | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
        Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Software Packing 2 | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue

        Behavior Graph

        [Behavior graph, ID: 526567. Sample: INVOLVEMENT.exe, Startdate: 22/11/2021, Architecture: WINDOWS, Score: 100. Process nodes: INVOLVEMENT.exe, dhcpmon.exe, powershell.exe, schtasks.exe, conhost.exe. DNS/IP nodes: xylem11.ddns.net 197.211.58.126, 6060 (globacom-asNG, Nigeria); 127.0.0.1.]


        Antivirus, Machine Learning and Genetic Malware Detection

        Initial Sample

        Source | Detection | Scanner | Label
        INVOLVEMENT.exe | 21% | Virustotal |
        INVOLVEMENT.exe | 27% | ReversingLabs | ByteCode-MSIL.Spyware.Noon

        Dropped Files

        Source | Detection | Scanner | Label
        C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe | 21% | Virustotal |
        C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe | 27% | ReversingLabs | ByteCode-MSIL.Spyware.Noon
        C:\Users\user\AppData\Roaming\nBhOjXWgK.exe | 21% | Virustotal |
        C:\Users\user\AppData\Roaming\nBhOjXWgK.exe | 27% | ReversingLabs | ByteCode-MSIL.Spyware.Noon

        Unpacked PE Files

        Source | Detection | Scanner | Label
        10.0.INVOLVEMENT.exe.400000.10.unpack | 100% | Avira | TR/Dropper.MSIL.Gen7
        10.0.INVOLVEMENT.exe.400000.12.unpack | 100% | Avira | TR/Dropper.MSIL.Gen7
        10.2.INVOLVEMENT.exe.5bf0000.8.unpack | 100% | Avira | TR/NanoCore.fadte
        10.2.INVOLVEMENT.exe.400000.0.unpack | 100% | Avira | TR/Dropper.MSIL.Gen7
        17.0.dhcpmon.exe.400000.12.unpack | 100% | Avira | TR/Dropper.MSIL.Gen7
        10.0.INVOLVEMENT.exe.400000.8.unpack | 100% | Avira | TR/Dropper.MSIL.Gen7
        10.0.INVOLVEMENT.exe.400000.4.unpack | 100% | Avira | TR/Dropper.MSIL.Gen7
        17.0.dhcpmon.exe.400000.8.unpack | 100% | Avira | TR/Dropper.MSIL.Gen7
        10.0.INVOLVEMENT.exe.400000.6.unpack | 100% | Avira | TR/Dropper.MSIL.Gen7
        17.0.dhcpmon.exe.400000.10.unpack | 100% | Avira | TR/Dropper.MSIL.Gen7
        17.2.dhcpmon.exe.400000.0.unpack | 100% | Avira | TR/Dropper.MSIL.Gen7
        17.0.dhcpmon.exe.400000.4.unpack | 100% | Avira | TR/Dropper.MSIL.Gen7
        17.0.dhcpmon.exe.400000.6.unpack | 100% | Avira | TR/Dropper.MSIL.Gen7

        Domains

        No Antivirus matches

        URLs

        Source | Detection | Scanner | Label
        http://www.chinhdo.com | 0% | URL Reputation | safe

        Domains and IPs

        Contacted Domains

        Name | IP | Active | Malicious | Antivirus Detection | Reputation
        xylem11.ddns.net | 197.211.58.126 | true | false | | high

          URLs from Memory and Binaries

          Name | Source | Malicious | Antivirus Detection | Reputation
          http://www.chinhdo.com | dhcpmon.exe, 0000000D.00000002.405546268.0000000004F00000.00000004.00020000.sdmp | false | URL Reputation: safe | unknown

          Contacted IPs


          Public

          IP | Domain | Country | ASN | ASN Name | Malicious
          197.211.58.126 | xylem11.ddns.net | Nigeria | 37148 | globacom-asNG | false

          Private

          IP
          127.0.0.1

          General Information

          Joe Sandbox Version:34.0.0 Boulder Opal
          Analysis ID:526567
          Start date:22.11.2021
          Start time:18:57:18
          Joe Sandbox Product:CloudBasic
          Overall analysis duration:0h 13m 35s
          Hypervisor based Inspection enabled:false
          Report type:full
          Sample file name:INVOLVEMENT.exe
          Cookbook file name:default.jbs
          Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
          Number of analysed new started processes analysed:31
          Number of new started drivers analysed:0
          Number of existing processes analysed:0
          Number of existing drivers analysed:0
          Number of injected processes analysed:0
          Technologies:
          • HCA enabled
          • EGA enabled
          • HDC enabled
          • AMSI enabled
          Analysis Mode:default
          Analysis stop reason:Timeout
          Detection:MAL
          Classification:mal100.troj.evad.winEXE@22/16@18/2
          EGA Information:Failed
          HDC Information:Failed
          HCA Information:
          • Successful, ratio: 99%
          • Number of executed functions: 608
          • Number of non-executed functions: 3
          Cookbook Comments:
          • Adjust boot time
          • Enable AMSI
          • Found application associated with file extension: .exe
          Warnings:
          • Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
          • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, WmiPrvSE.exe, svchost.exe, wuapihost.exe
          • Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, fs.microsoft.com, ctldl.windowsupdate.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
          • Not all processes where analyzed, report is missing behavior information
          • Report creation exceeded maximum time and may have missing disassembly code information.
          • Report size exceeded maximum capacity and may have missing behavior information.
          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
          • Report size getting too big, too many NtOpenKeyEx calls found.
          • Report size getting too big, too many NtQueryValueKey calls found.

          Simulations

          Behavior and APIs

          Time | Type | Description
          18:58:23 | API Interceptor | 803x Sleep call for process: INVOLVEMENT.exe modified
          18:58:30 | API Interceptor | 75x Sleep call for process: powershell.exe modified
          18:58:48 | Autostart | Run: HKLM\Software\Microsoft\Windows\CurrentVersion\Run DHCP Monitor C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
          18:59:00 | API Interceptor | 1x Sleep call for process: dhcpmon.exe modified

          Joe Sandbox View / Context

          IPs

          No context

          Domains

          No context

          ASN

          No context

          JA3 Fingerprints

          No context

          Dropped Files

          No context

          Created / dropped Files

          C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
          Process:C:\Users\user\Desktop\INVOLVEMENT.exe
          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):712704
          Entropy (8bit):7.22412268006053
          Encrypted:false
          SSDEEP:12288:dCs9b6OrDTZaVX4ODPBLv5H9oUuds9s8i8OrXedluGP8CV8wgp56:QXDPBLvzoDOa8bOTed5/CPu
          MD5:BD2F16ABB91E630650EDDE48326C8ACD
          SHA1:FCF6E8948581551FA2F5968DFBBC4A4B6DCA58E4
          SHA-256:FE70D2FFE406D987E41C2BDD2A1CB5D9C34B4E22914410603423073055116D5B
          SHA-512:93040C7EFB5130E350BFA77B2A6CC63087B782831A23FAE52A47E9A099F5586AE43F22F2392603A507A2A3389CF0820F6227D903C57ACE7327C909A52090AF8F
          Malicious:true
          Antivirus:
          • Antivirus: Virustotal, Detection: 21%, Browse
          • Antivirus: ReversingLabs, Detection: 27%
          Reputation:unknown
          C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe:Zone.Identifier
          Process:C:\Users\user\Desktop\INVOLVEMENT.exe
          File Type:ASCII text, with CRLF line terminators
          Category:modified
          Size (bytes):26
          Entropy (8bit):3.95006375643621
          Encrypted:false
          SSDEEP:3:ggPYV:rPYV
          MD5:187F488E27DB4AF347237FE461A079AD
          SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
          SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
          SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
          Malicious:true
          Reputation:unknown
          Preview: [ZoneTransfer]....ZoneId=0
          C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\INVOLVEMENT.exe.log
          Process:C:\Users\user\Desktop\INVOLVEMENT.exe
          File Type:ASCII text, with CRLF line terminators
          Category:modified
          Size (bytes):659
          Entropy (8bit):5.2661344468761735
          Encrypted:false
          SSDEEP:12:Q3LaJU20NaL10U29hJ5g1B0U2ukyrFk70U2U/N0Ug+9Yz9tv:MLF20NaL329hJ5g522rW2U/Pz2T
          MD5:3C153E5BCCA87FF6E091634EE977299F
          SHA1:6DE85803E7FA00C03CE809243EB8162DF036430A
          SHA-256:F0705BDCE38ADB33CA8B414DDB85718985660BC73E0BE4439E0A94384A37797D
          SHA-512:54BDFFA72A0D4122B5B79B092D7E8C3213EB30AE2858188748E52ADD65ADE2F2F887892C06BB8ED790C19F1ED949176B9A9F0113679EF38B74387A189E6DC745
          Malicious:true
          Reputation:unknown
          Preview: 1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1ffc437de59fb69ba2b865ffdc98ffd1\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\54d944b3ca0ea1188d700fbd8089726b\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\bd8d59c984c9f5f2695f64341115cdf0\System.Windows.Forms.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\aa840ffb0dd775d9eb8d66c8a8e8cdd9\System.Transactions.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\cd7c74fce2a0eab72cd25cbe4bb61614\Microsoft.VisualBasic.ni.dll",0..
          C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\dhcpmon.exe.log
          Process:C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
          File Type:ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):659
          Entropy (8bit):5.2661344468761735
          Encrypted:false
          SSDEEP:12:Q3LaJU20NaL10U29hJ5g1B0U2ukyrFk70U2U/N0Ug+9Yz9tv:MLF20NaL329hJ5g522rW2U/Pz2T
          MD5:3C153E5BCCA87FF6E091634EE977299F
          SHA1:6DE85803E7FA00C03CE809243EB8162DF036430A
          SHA-256:F0705BDCE38ADB33CA8B414DDB85718985660BC73E0BE4439E0A94384A37797D
          SHA-512:54BDFFA72A0D4122B5B79B092D7E8C3213EB30AE2858188748E52ADD65ADE2F2F887892C06BB8ED790C19F1ED949176B9A9F0113679EF38B74387A189E6DC745
          Malicious:false
          Reputation:unknown
          Preview: 1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1ffc437de59fb69ba2b865ffdc98ffd1\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\54d944b3ca0ea1188d700fbd8089726b\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\bd8d59c984c9f5f2695f64341115cdf0\System.Windows.Forms.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\aa840ffb0dd775d9eb8d66c8a8e8cdd9\System.Transactions.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\cd7c74fce2a0eab72cd25cbe4bb61614\Microsoft.VisualBasic.ni.dll",0..
          C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
          File Type:data
          Category:dropped
          Size (bytes):22276
          Entropy (8bit):5.601078379605817
          Encrypted:false
          SSDEEP:384:ftCDRq04b8bw10s+RMSBKnAjultI+37Y9gtSIo3xeT1MaXZlbAV7lqDZw+5ZBDIj:/Ysr4KAClthjtc8C+fwMVY
          MD5:B8BA27B44FEB04A6F4E5609DCB9E3B12
          SHA1:DABA54A294BF151D1D9F8B94A7EA009E9263BAA8
          SHA-256:157DA6A2273D2304DB038A986DBF56FE6866CDCE898E24AF2D7236C5E781BD02
          SHA-512:ED9DE8C655908A27EF8599385916567A72C79E4A2D6791783D248B0BA6B3C2D6085A2C59E90A7AD29FBDD9C7CE3A7ED5037BEC7807CB2AFBB544179E222737AA
          Malicious:false
          Reputation:unknown
          Preview: @...e...........y.......h...Y.N.K.....y...I..........@..........H...............<@.^.L."My...:X..... .Microsoft.PowerShell.ConsoleHostD...............fZve...F.....x.)........System.Management.Automation4...............[...{a.C..%6..h.........System.Core.0...............G-.o...A...4B..........System..4................Zg5..:O..g..q..........System.Xml..L...............7.....J@......~.......#.Microsoft.Management.Infrastructure.8................'....L..}............System.Numerics.@................Lo...QN......<Q........System.DirectoryServices<................H..QN.Y.f............System.Management...4....................].D.E.....#.......System.Data.H................. ....H..m)aUu.........Microsoft.PowerShell.Security...<.................~.[L.D.Z.>..m.........System.Transactions.<................):gK..G...$.1.q........System.ConfigurationP................./.C..J..%...].......%.Microsoft.PowerShell.Commands.Utility...D..................-.D.F.<;.nt.1........System.Configuration.Ins
          C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2a3e0fth.4ow.ps1
          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
          File Type:very short file (no magic)
          Category:dropped
          Size (bytes):1
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:3:U:U
          MD5:C4CA4238A0B923820DCC509A6F75849B
          SHA1:356A192B7913B04C54574D18C28D46E6395428AB
          SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
          SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
          Malicious:false
          Reputation:unknown
          Preview: 1
          C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_akwf1q30.hpz.ps1
          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
          File Type:very short file (no magic)
          Category:dropped
          Size (bytes):1
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:3:U:U
          MD5:C4CA4238A0B923820DCC509A6F75849B
          SHA1:356A192B7913B04C54574D18C28D46E6395428AB
          SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
          SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
          Malicious:false
          Reputation:unknown
          Preview: 1
          C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bvonmptw.rvf.psm1
          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
          File Type:very short file (no magic)
          Category:dropped
          Size (bytes):1
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:3:U:U
          MD5:C4CA4238A0B923820DCC509A6F75849B
          SHA1:356A192B7913B04C54574D18C28D46E6395428AB
          SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
          SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
          Malicious:false
          Reputation:unknown
          Preview: 1
          C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jehjdfyt.vbh.psm1
          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
          File Type:very short file (no magic)
          Category:dropped
          Size (bytes):1
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:3:U:U
          MD5:C4CA4238A0B923820DCC509A6F75849B
          SHA1:356A192B7913B04C54574D18C28D46E6395428AB
          SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
          SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
          Malicious:false
          Reputation:unknown
          Preview: 1
          C:\Users\user\AppData\Local\Temp\tmp62E5.tmp
          Process:C:\Users\user\Desktop\INVOLVEMENT.exe
          File Type:XML 1.0 document, ASCII text
          Category:dropped
          Size (bytes):1596
          Entropy (8bit):5.154775660701783
          Encrypted:false
          SSDEEP:24:2di4+S2qh/Q1K1y1mokUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtLuxvn:cge4MYrFdOFzOzN33ODOiDdKrsuTGv
          MD5:9576774F40F2F95D37C69D203B43D51D
          SHA1:E6AC5C866B354966E4278ED4BC0832E88E79F6C3
          SHA-256:7A351888A98D89A22D7A245856C589C53DCA07433A283C96BDF6C3FFC72E7FB8
          SHA-512:BCA5A1993C78641CB9D064FEA2955DC7C8B6C9DE4E74F3CC1B0E73D6610C39456C3C22AB73BFB9827712C92985981FE598357B0F5A17B2D934F9762401365821
          Malicious:true
          Reputation:unknown
          Preview: <?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>computer\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>computer\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>computer\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <
          C:\Users\user\AppData\Local\Temp\tmpE4A8.tmp
          Process:C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
          File Type:XML 1.0 document, ASCII text
          Category:dropped
          Size (bytes):1596
          Entropy (8bit):5.154775660701783
          Encrypted:false
          SSDEEP:24:2di4+S2qh/Q1K1y1mokUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtLuxvn:cge4MYrFdOFzOzN33ODOiDdKrsuTGv
          MD5:9576774F40F2F95D37C69D203B43D51D
          SHA1:E6AC5C866B354966E4278ED4BC0832E88E79F6C3
          SHA-256:7A351888A98D89A22D7A245856C589C53DCA07433A283C96BDF6C3FFC72E7FB8
          SHA-512:BCA5A1993C78641CB9D064FEA2955DC7C8B6C9DE4E74F3CC1B0E73D6610C39456C3C22AB73BFB9827712C92985981FE598357B0F5A17B2D934F9762401365821
          Malicious:false
          Reputation:unknown
          Preview: <?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>computer\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>computer\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>computer\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <
          C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat
          Process:C:\Users\user\Desktop\INVOLVEMENT.exe
          File Type:Non-ISO extended-ASCII text, with no line terminators
          Category:dropped
          Size (bytes):8
          Entropy (8bit):3.0
          Encrypted:false
          SSDEEP:3:p+:M
          MD5:D58BB095B35B1EE8C4E3A99EBF22555D
          SHA1:D2A96EFDAE9DE56ADB6EDF3CBFF0362B13C006B6
          SHA-256:35F74CE9D9BE88474C3428128284D58AB8661DE5EFF10677A9E1EA301EDB5F53
          SHA-512:E078F9EF993868BC736E5255A1D272EE581C4A1A86A42C43A75C5FCF2099C1279052AD873441EB2B6614A551B4A8EBCDB14B5F98C519F1BB2D9EA46D17E71C27
          Malicious:true
          Reputation:unknown
          Preview: 7..(-..H
          C:\Users\user\AppData\Roaming\nBhOjXWgK.exe
          Process:C:\Users\user\Desktop\INVOLVEMENT.exe
          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):712704
          Entropy (8bit):7.22412268006053
          Encrypted:false
          SSDEEP:12288:dCs9b6OrDTZaVX4ODPBLv5H9oUuds9s8i8OrXedluGP8CV8wgp56:QXDPBLvzoDOa8bOTed5/CPu
          MD5:BD2F16ABB91E630650EDDE48326C8ACD
          SHA1:FCF6E8948581551FA2F5968DFBBC4A4B6DCA58E4
          SHA-256:FE70D2FFE406D987E41C2BDD2A1CB5D9C34B4E22914410603423073055116D5B
          SHA-512:93040C7EFB5130E350BFA77B2A6CC63087B782831A23FAE52A47E9A099F5586AE43F22F2392603A507A2A3389CF0820F6227D903C57ACE7327C909A52090AF8F
          Malicious:true
          Antivirus:
          • Antivirus: Virustotal, Detection: 21%, Browse
          • Antivirus: ReversingLabs, Detection: 27%
          Reputation:unknown
          C:\Users\user\AppData\Roaming\nBhOjXWgK.exe:Zone.Identifier
          Process:C:\Users\user\Desktop\INVOLVEMENT.exe
          File Type:ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):26
          Entropy (8bit):3.95006375643621
          Encrypted:false
          SSDEEP:3:ggPYV:rPYV
          MD5:187F488E27DB4AF347237FE461A079AD
          SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
          SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
          SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
          Malicious:false
          Reputation:unknown
          Preview: [ZoneTransfer]....ZoneId=0
          C:\Users\user\Documents\20211122\PowerShell_transcript.675052.Ss2cUV1A.20211122185828.txt
          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
          File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
          Category:dropped
          Size (bytes):5761
          Entropy (8bit):5.413851647127764
          Encrypted:false
          SSDEEP:96:BZShZNCqDo1ZdZkhZNCqDo1ZNBLpjZnhZNCqDo1Zb0ZZjZU:i
          MD5:87ED7DFDFDEDE00DEC30E5C7B39370FC
          SHA1:3BEE2E6AA7D86C24D25C28BE5987131D1429BC8A
          SHA-256:5E375921DD3F592589004F621DDC7E968E64DE1CB64B8D19A63A3086628D64BC
          SHA-512:717A29B72EB37E4231AFD3F8422EFBFB96F2CEE0CAC045C5F51EE13AF39EB9BC8379CDB502E81AAC3EF69678CFC9409DAD0108DD84AB5F636A2440F5175F439C
          Malicious:false
          Reputation:unknown
          Preview: .**********************..Windows PowerShell transcript start..Start time: 20211122185829..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 675052 (Microsoft Windows NT 10.0.17134.0)..Host Application: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath C:\Users\user\Desktop\INVOLVEMENT.exe..Process ID: 6056..PSVersion: 5.1.17134.1..PSEdition: Desktop..PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.17134.1..BuildVersion: 10.0.17134.1..CLRVersion: 4.0.30319.42000..WSManStackVersion: 3.0..PSRemotingProtocolVersion: 2.3..SerializationVersion: 1.1.0.1..**********************..**********************..Command start time: 20211122185829..**********************..PS>Add-MpPreference -ExclusionPath C:\Users\user\Desktop\INVOLVEMENT.exe..**********************..Windows PowerShell transcript start..Start time: 20211122190308..Username: computer\user..RunAs User: computer\user..Configurati
          C:\Users\user\Documents\20211122\PowerShell_transcript.675052.umIlnlpL.20211122185830.txt
          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
          File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
          Category:dropped
          Size (bytes):5785
          Entropy (8bit):5.415374068131018
          Encrypted:false
          SSDEEP:96:BZRhZN0uqDo1ZAwZShZN0uqDo1ZJWM+jZtuhZN0uqDo1ZPGXOOXZY:E5ODFE3
          MD5:81DEEEBD5CB0DA888872F3D6539F1936
          SHA1:E4D65CEC525CC19E99AF75634FDEB443E8270878
          SHA-256:D5373B5CEE331005F3BBB6AF3F92F7BC27720029E0AD479EF62EADE783302927
          SHA-512:F36B8638748D61BA43BF87A3CB54F17D1EF06A4137E594776D3C823EC38370D7557BF97E8F89E2E6B48C513346D2518FABE4A285D7D9AF9FCFD856DC7D1DC948
          Malicious:false
          Reputation:unknown
          Preview: .**********************..Windows PowerShell transcript start..Start time: 20211122185831..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 675052 (Microsoft Windows NT 10.0.17134.0)..Host Application: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath C:\Users\user\AppData\Roaming\nBhOjXWgK.exe..Process ID: 1068..PSVersion: 5.1.17134.1..PSEdition: Desktop..PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.17134.1..BuildVersion: 10.0.17134.1..CLRVersion: 4.0.30319.42000..WSManStackVersion: 3.0..PSRemotingProtocolVersion: 2.3..SerializationVersion: 1.1.0.1..**********************..**********************..Command start time: 20211122185831..**********************..PS>Add-MpPreference -ExclusionPath C:\Users\user\AppData\Roaming\nBhOjXWgK.exe..**********************..Windows PowerShell transcript start..Start time: 20211122190232..Username: computer\user..RunAs User: computer\user.

          Static File Info

          General

          File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
          Entropy (8bit):7.22412268006053
          TrID:
          • Win32 Executable (generic) Net Framework (10011505/4) 49.79%
          • Win32 Executable (generic) a (10002005/4) 49.75%
          • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
          • Windows Screen Saver (13104/52) 0.07%
          • Win16/32 Executable Delphi generic (2074/23) 0.01%
          File name:INVOLVEMENT.exe
          File size:712704
          MD5:bd2f16abb91e630650edde48326c8acd
          SHA1:fcf6e8948581551fa2f5968dfbbc4a4b6dca58e4
          SHA256:fe70d2ffe406d987e41c2bdd2a1cb5d9c34b4e22914410603423073055116d5b
          SHA512:93040c7efb5130e350bfa77b2a6cc63087b782831a23fae52a47e9a099f5586ae43f22f2392603a507a2a3389cf0820f6227d903c57ace7327c909a52090af8f
          SSDEEP:12288:dCs9b6OrDTZaVX4ODPBLv5H9oUuds9s8i8OrXedluGP8CV8wgp56:QXDPBLvzoDOa8bOTed5/CPu

          File Icon

          Icon Hash:00828e8e8686b000

          Static PE Info

          General

          Entrypoint:0x110ac9a6
          Entrypoint Section:.text
          Digitally signed:false
          Imagebase:0x11000000
          Subsystem:windows gui
          Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
          DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Time Stamp:0x619AFA6F [Mon Nov 22 02:03:27 2021 UTC]
          TLS Callbacks:
          CLR (.Net) Version:v2.0.50727
          OS Version Major:4
          OS Version Minor:0
          File Version Major:4
          File Version Minor:0
          Subsystem Version Major:4
          Subsystem Version Minor:0
          Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

          Entrypoint Preview

          Instruction
          jmp dword ptr [11002000h]

          Data Directories

          Name | Virtual Address | Virtual Size | Is in Section
          IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_IMPORT | 0xac954 | 0x4f | .text
          IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xae000 | 0x394 | .rsrc
          IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xb0000 | 0xc | .reloc
          IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
          IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

          Sections

          Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
          .text | 0x2000 | 0xaa9bc | 0xab000 | False | 0.627704107273 | data | 7.29580618923 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          .rsrc | 0xae000 | 0x394 | 0x1000 | False | 0.10205078125 | data | 0.939616714285 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
          .reloc | 0xb0000 | 0xc | 0x1000 | False | 0.0087890625 | data | 0.0164084645156 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

          Resources

          Name | RVA | Size | Type | Language | Country
          RT_VERSION | 0xae058 | 0x338 | data | |

          Imports

          DLL | Import
          mscoree.dll | _CorExeMain

          Version Infos

          Description | Data
          Translation | 0x0000 0x04b0
          LegalCopyright | 1992 BMW M3
          Assembly Version | 1.0.0.3
          InternalName | TimerQue.exe
          FileVersion | 1.0.0.3
          CompanyName | BMW
          LegalTrademarks |
          Comments | Structural Eng
          ProductName | SoundTrack
          ProductVersion | 1.0.0.3
          FileDescription | SoundTrack
          OriginalFilename | TimerQue.exe

          Network Behavior

          Snort IDS Alerts

          Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
          11/22/21-19:00:04.330851 | UDP | 254 | DNS SPOOF query response with TTL of 1 min. and no authority | 53 | 53615 | 37.235.1.177 | 192.168.2.3

          TCP Packets

          Timestamp | Source Port | Dest Port | Source IP | Dest IP
          Nov 22, 2021 18:58:58.352241039 CET | 49747 | 6060 | 192.168.2.3 | 197.211.58.126
          Nov 22, 2021 18:59:01.408693075 CET | 49747 | 6060 | 192.168.2.3 | 197.211.58.126
          Nov 22, 2021 18:59:07.409209013 CET | 49747 | 6060 | 192.168.2.3 | 197.211.58.126
          Nov 22, 2021 18:59:30.694763899 CET | 49778 | 6060 | 192.168.2.3 | 197.211.58.126
          Nov 22, 2021 18:59:33.692763090 CET | 49778 | 6060 | 192.168.2.3 | 197.211.58.126
          Nov 22, 2021 18:59:39.693212986 CET | 49778 | 6060 | 192.168.2.3 | 197.211.58.126
          Nov 22, 2021 19:00:04.349201918 CET | 49791 | 6060 | 192.168.2.3 | 197.211.58.126
          Nov 22, 2021 19:00:07.351802111 CET | 49791 | 6060 | 192.168.2.3 | 197.211.58.126
          Nov 22, 2021 19:00:13.352293968 CET | 49791 | 6060 | 192.168.2.3 | 197.211.58.126

          UDP Packets


          DNS Queries


          DNS Answers

          Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
          Nov 22, 2021 18:58:58.298098087 CET | 37.235.1.177 | 192.168.2.3 | 0x6466 | No error (0) | xylem11.ddns.net | | 197.211.58.126 | A (IP address) | IN (0x0001)
          Nov 22, 2021 18:59:30.690409899 CET | 37.235.1.177 | 192.168.2.3 | 0x236b | No error (0) | xylem11.ddns.net | | 197.211.58.126 | A (IP address) | IN (0x0001)
          Nov 22, 2021 19:00:04.330851078 CET | 37.235.1.177 | 192.168.2.3 | 0x152b | No error (0) | xylem11.ddns.net | | 197.211.58.126 | A (IP address) | IN (0x0001)

          Code Manipulations

          System Behavior

          General

          Start time:18:58:21
          Start date:22/11/2021
          Path:C:\Users\user\Desktop\INVOLVEMENT.exe
          Wow64 process (32bit):true
          Commandline:"C:\Users\user\Desktop\INVOLVEMENT.exe"
          Imagebase:0xae0000
          File size:712704 bytes
          MD5 hash:BD2F16ABB91E630650EDDE48326C8ACD
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:.Net C# or VB.NET
          Yara matches:
          • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000000.00000002.347800123.000000000459B000.00000004.00000001.sdmp, Author: Florian Roth
          • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000000.00000002.347800123.000000000459B000.00000004.00000001.sdmp, Author: Joe Security
          • Rule: NanoCore, Description: unknown, Source: 00000000.00000002.347800123.000000000459B000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
          • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.346333050.00000000032F0000.00000004.00000001.sdmp, Author: Joe Security
          • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000000.00000002.347406003.000000000432B000.00000004.00000001.sdmp, Author: Florian Roth
          • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000000.00000002.347406003.000000000432B000.00000004.00000001.sdmp, Author: Joe Security
          • Rule: NanoCore, Description: unknown, Source: 00000000.00000002.347406003.000000000432B000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
          • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.346030593.00000000031F1000.00000004.00000001.sdmp, Author: Joe Security
          Reputation:low

          General

          Start time:18:58:27
          Start date:22/11/2021
          Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
          Wow64 process (32bit):true
          Commandline:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\INVOLVEMENT.exe
          Imagebase:0xd0000
          File size:430592 bytes
          MD5 hash:DBA3E6449E97D4E3DF64527EF7012A10
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:.Net C# or VB.NET
          Reputation:high

          General

          Start time:18:58:27
          Start date:22/11/2021
          Path:C:\Windows\System32\conhost.exe
          Wow64 process (32bit):false
          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Imagebase:0x7ff7f20f0000
          File size:625664 bytes
          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:high

          General

          Start time:18:58:28
          Start date:22/11/2021
          Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
          Wow64 process (32bit):true
          Commandline:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\nBhOjXWgK.exe
          Imagebase:0xd0000
          File size:430592 bytes
          MD5 hash:DBA3E6449E97D4E3DF64527EF7012A10
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:.Net C# or VB.NET
          Reputation:high

          General

          Start time:18:58:28
          Start date:22/11/2021
          Path:C:\Windows\System32\conhost.exe
          Wow64 process (32bit):false
          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Imagebase:0x7ff7f20f0000
          File size:625664 bytes
          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:high

          General

          Start time:18:58:29
          Start date:22/11/2021
          Path:C:\Windows\SysWOW64\schtasks.exe
          Wow64 process (32bit):true
          Commandline:C:\Windows\System32\schtasks.exe" /Create /TN "Updates\nBhOjXWgK" /XML "C:\Users\user\AppData\Local\Temp\tmp62E5.tmp
          Imagebase:0x1110000
          File size:185856 bytes
          MD5 hash:15FF7D8324231381BAD48A052F85DF04
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:high

          General

          Start time:18:58:30
          Start date:22/11/2021
          Path:C:\Windows\System32\conhost.exe
          Wow64 process (32bit):false
          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Imagebase:0x7ff7f20f0000
          File size:625664 bytes
          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:high

          General

          Start time:18:58:33
          Start date:22/11/2021
          Path:C:\Users\user\Desktop\INVOLVEMENT.exe
          Wow64 process (32bit):false
          Commandline:C:\Users\user\Desktop\INVOLVEMENT.exe
          Imagebase:0x220000
          File size:712704 bytes
          MD5 hash:BD2F16ABB91E630650EDDE48326C8ACD
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:low

          General

          Start time:18:58:34
          Start date:22/11/2021
          Path:C:\Users\user\Desktop\INVOLVEMENT.exe
          Wow64 process (32bit):true
          Commandline:C:\Users\user\Desktop\INVOLVEMENT.exe
          Imagebase:0xb10000
          File size:712704 bytes
          MD5 hash:BD2F16ABB91E630650EDDE48326C8ACD
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:.Net C# or VB.NET
          Yara matches:
          • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000A.00000000.343625054.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
          • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000000A.00000000.343625054.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
          • Rule: NanoCore, Description: unknown, Source: 0000000A.00000000.343625054.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
          • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000A.00000000.343062798.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
          • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000000A.00000000.343062798.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
          • Rule: NanoCore, Description: unknown, Source: 0000000A.00000000.343062798.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
          • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000000A.00000002.578282446.000000000433A000.00000004.00000001.sdmp, Author: Joe Security
          • Rule: NanoCore, Description: unknown, Source: 0000000A.00000002.578282446.000000000433A000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
          • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000A.00000000.342150321.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
          • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000000A.00000000.342150321.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
          • Rule: NanoCore, Description: unknown, Source: 0000000A.00000000.342150321.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
          • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000A.00000002.571909993.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
          • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000000A.00000002.571909993.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
          • Rule: NanoCore, Description: unknown, Source: 0000000A.00000002.571909993.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
          • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000A.00000000.342497274.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
          • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000000A.00000000.342497274.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
          • Rule: NanoCore, Description: unknown, Source: 0000000A.00000000.342497274.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
          • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000A.00000002.579366918.0000000005960000.00000004.00020000.sdmp, Author: Florian Roth
          • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 0000000A.00000002.579366918.0000000005960000.00000004.00020000.sdmp, Author: Florian Roth
          • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000A.00000002.579427497.0000000005BF0000.00000004.00020000.sdmp, Author: Florian Roth
          • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 0000000A.00000002.579427497.0000000005BF0000.00000004.00020000.sdmp, Author: Florian Roth
          • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000000A.00000002.579427497.0000000005BF0000.00000004.00020000.sdmp, Author: Joe Security
          Reputation:low

          General

          Start time:18:58:57
          Start date:22/11/2021
          Path:C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
          Wow64 process (32bit):true
          Commandline:"C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe"
          Imagebase:0x520000
          File size:712704 bytes
          MD5 hash:BD2F16ABB91E630650EDDE48326C8ACD
          Has elevated privileges:false
          Has administrator privileges:false
          Programmed in:.Net C# or VB.NET
          Yara matches:
          • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000D.00000002.404832379.0000000003BF1000.00000004.00000001.sdmp, Author: Florian Roth
          • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000000D.00000002.404832379.0000000003BF1000.00000004.00000001.sdmp, Author: Joe Security
          • Rule: NanoCore, Description: unknown, Source: 0000000D.00000002.404832379.0000000003BF1000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
          • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 0000000D.00000002.402010571.0000000002BF1000.00000004.00000001.sdmp, Author: Joe Security
          • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000D.00000002.404969668.0000000003D05000.00000004.00000001.sdmp, Author: Florian Roth
          • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000000D.00000002.404969668.0000000003D05000.00000004.00000001.sdmp, Author: Joe Security
          • Rule: NanoCore, Description: unknown, Source: 0000000D.00000002.404969668.0000000003D05000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
          • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 0000000D.00000002.402185132.0000000002CEA000.00000004.00000001.sdmp, Author: Joe Security
          Antivirus matches:
          • Detection: 21%, Virustotal, Browse
          • Detection: 27%, ReversingLabs
          Reputation:low

          General

          Start time:18:59:02
          Start date:22/11/2021
          Path:C:\Windows\SysWOW64\schtasks.exe
          Wow64 process (32bit):true
          Commandline:C:\Windows\System32\schtasks.exe" /Create /TN "Updates\nBhOjXWgK" /XML "C:\Users\user\AppData\Local\Temp\tmpE4A8.tmp
          Imagebase:0x1110000
          File size:185856 bytes
          MD5 hash:15FF7D8324231381BAD48A052F85DF04
          Has elevated privileges:false
          Has administrator privileges:false
          Programmed in:C, C++ or other language
          Reputation:high

          General

          Start time:18:59:02
          Start date:22/11/2021
          Path:C:\Windows\System32\conhost.exe
          Wow64 process (32bit):false
          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Imagebase:0x7ff7f20f0000
          File size:625664 bytes
          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
          Has elevated privileges:false
          Has administrator privileges:false
          Programmed in:C, C++ or other language
          Reputation:high

          General

          Start time:18:59:03
          Start date:22/11/2021
          Path:C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
          Wow64 process (32bit):false
          Commandline:C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
          Imagebase:0x120000
          File size:712704 bytes
          MD5 hash:BD2F16ABB91E630650EDDE48326C8ACD
          Has elevated privileges:false
          Has administrator privileges:false
          Programmed in:C, C++ or other language

          General

          Start time:18:59:04
          Start date:22/11/2021
          Path:C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
          Wow64 process (32bit):true
          Commandline:C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
          Imagebase:0xc00000
          File size:712704 bytes
          MD5 hash:BD2F16ABB91E630650EDDE48326C8ACD
          Has elevated privileges:false
          Has administrator privileges:false
          Programmed in:.Net C# or VB.NET
          Yara matches:
          • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000011.00000002.414866902.0000000004431000.00000004.00000001.sdmp, Author: Joe Security
          • Rule: NanoCore, Description: unknown, Source: 00000011.00000002.414866902.0000000004431000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
          • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000011.00000002.414818453.0000000003431000.00000004.00000001.sdmp, Author: Joe Security
          • Rule: NanoCore, Description: unknown, Source: 00000011.00000002.414818453.0000000003431000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
          • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000011.00000000.396841845.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
          • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000011.00000000.396841845.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
          • Rule: NanoCore, Description: unknown, Source: 00000011.00000000.396841845.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
          • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000011.00000002.413923422.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
          • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000011.00000002.413923422.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
          • Rule: NanoCore, Description: unknown, Source: 00000011.00000002.413923422.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
          • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000011.00000000.397591882.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
          • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000011.00000000.397591882.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
          • Rule: NanoCore, Description: unknown, Source: 00000011.00000000.397591882.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
          • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000011.00000000.398302623.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
          • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000011.00000000.398302623.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
          • Rule: NanoCore, Description: unknown, Source: 00000011.00000000.398302623.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
          • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000011.00000000.398984180.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
          • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000011.00000000.398984180.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
          • Rule: NanoCore, Description: unknown, Source: 00000011.00000000.398984180.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>

          Disassembly

          Code Analysis

            Executed Functions

            APIs
            • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 05B2007B
            Memory Dump Source
            • Source File: 00000000.00000002.348430925.0000000005B20000.00000040.00000001.sdmp, Offset: 05B20000, based on PE: false
            Similarity
            • API ID: AdjustPrivilegesToken
            • String ID:
            • API String ID: 2874748243-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • NtQuerySystemInformation.NTDLL ref: 05B201E9
            Memory Dump Source
            • Source File: 00000000.00000002.348430925.0000000005B20000.00000040.00000001.sdmp, Offset: 05B20000, based on PE: false
            Similarity
            • API ID: InformationQuerySystem
            • String ID:
            • API String ID: 3562636166-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 05B2007B
            Memory Dump Source
            • Source File: 00000000.00000002.348430925.0000000005B20000.00000040.00000001.sdmp, Offset: 05B20000, based on PE: false
            Similarity
            • API ID: AdjustPrivilegesToken
            • String ID:
            • API String ID: 2874748243-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • NtQuerySystemInformation.NTDLL ref: 05B201E9
            Memory Dump Source
            • Source File: 00000000.00000002.348430925.0000000005B20000.00000040.00000001.sdmp, Offset: 05B20000, based on PE: false
            Similarity
            • API ID: InformationQuerySystem
            • String ID:
            • API String ID: 3562636166-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • GetTempFileNameW.KERNELBASE(?,00000E2C,?,?), ref: 05B20CFA
            Memory Dump Source
            • Source File: 00000000.00000002.348430925.0000000005B20000.00000040.00000001.sdmp, Offset: 05B20000, based on PE: false
            Similarity
            • API ID: FileNameTemp
            • String ID:
            • API String ID: 745986568-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • DuplicateHandle.KERNELBASE(?,00000E2C), ref: 05B2108B
            Memory Dump Source
            • Source File: 00000000.00000002.348430925.0000000005B20000.00000040.00000001.sdmp, Offset: 05B20000, based on PE: false
            Similarity
            • API ID: DuplicateHandle
            • String ID:
            • API String ID: 3793708945-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 05B20DD1
            Memory Dump Source
            • Source File: 00000000.00000002.348430925.0000000005B20000.00000040.00000001.sdmp, Offset: 05B20000, based on PE: false
            Similarity
            • API ID: CreateFile
            • String ID:
            • API String ID: 823142352-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • CopyFileW.KERNELBASE(?,?,?), ref: 05B2069E
            Memory Dump Source
            • Source File: 00000000.00000002.348430925.0000000005B20000.00000040.00000001.sdmp, Offset: 05B20000, based on PE: false
            Similarity
            • API ID: CopyFile
            • String ID:
            • API String ID: 1304948518-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • TerminateProcess.KERNELBASE(?,00000E2C,54C643FF,00000000,00000000,00000000,00000000), ref: 05B213FC
            Memory Dump Source
            • Source File: 00000000.00000002.348430925.0000000005B20000.00000040.00000001.sdmp, Offset: 05B20000, based on PE: false
            Similarity
            • API ID: ProcessTerminate
            • String ID:
            • API String ID: 560597551-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • DuplicateHandle.KERNELBASE(?,00000E2C), ref: 05B2108B
            Memory Dump Source
            • Source File: 00000000.00000002.348430925.0000000005B20000.00000040.00000001.sdmp, Offset: 05B20000, based on PE: false
            Similarity
            • API ID: DuplicateHandle
            • String ID:
            • API String ID: 3793708945-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • DeleteFileW.KERNELBASE(?), ref: 05B21170
            Memory Dump Source
            • Source File: 00000000.00000002.348430925.0000000005B20000.00000040.00000001.sdmp, Offset: 05B20000, based on PE: false
            Similarity
            • API ID: DeleteFile
            • String ID:
            • API String ID: 4033686569-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 05B20DD1
            Memory Dump Source
            • Source File: 00000000.00000002.348430925.0000000005B20000.00000040.00000001.sdmp, Offset: 05B20000, based on PE: false
            Similarity
            • API ID: CreateFile
            • String ID:
            • API String ID: 823142352-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • WriteFile.KERNELBASE(?,00000E2C,54C643FF,00000000,00000000,00000000,00000000), ref: 05B20F89
            Memory Dump Source
            • Source File: 00000000.00000002.348430925.0000000005B20000.00000040.00000001.sdmp, Offset: 05B20000, based on PE: false
            Similarity
            • API ID: FileWrite
            • String ID:
            • API String ID: 3934441357-0
            • Opcode ID: 7359ed19d118764d612767ae1231878e7768c7e0182ca7b4a3e7491bbf9c0f43
            • Instruction ID: 1152d43654c510e5cf27e81943a69276c3554b9352913743e2a9443aea1d2311
            • Opcode Fuzzy Hash: 7359ed19d118764d612767ae1231878e7768c7e0182ca7b4a3e7491bbf9c0f43
            • Instruction Fuzzy Hash: BD21B071409380AFE722CF24DD45F66BFB8EF46310F0884DBE9849B163C224A509CBB2
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • GetFileType.KERNELBASE(?,00000E2C,54C643FF,00000000,00000000,00000000,00000000), ref: 05B20EBD
            Memory Dump Source
            • Source File: 00000000.00000002.348430925.0000000005B20000.00000040.00000001.sdmp, Offset: 05B20000, based on PE: false
            Similarity
            • API ID: FileType
            • String ID:
            • API String ID: 3081899298-0
            • Opcode ID: 4de17c8750c03127a1162e3c9aed089c7ab98407aa9a174eca27a8f5e5923f34
            • Instruction ID: a525fb9d1d83f416864f9556b5fa795547c00df68ed29d358c826ec3e14f319a
            • Opcode Fuzzy Hash: 4de17c8750c03127a1162e3c9aed089c7ab98407aa9a174eca27a8f5e5923f34
            • Instruction Fuzzy Hash: 6F21C3714083846FE7128B299D55FA7BFACEF46620F0880DAED859B153C264A848C771
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • FindCloseChangeNotification.KERNELBASE(?), ref: 05B20134
            Memory Dump Source
            • Source File: 00000000.00000002.348430925.0000000005B20000.00000040.00000001.sdmp, Offset: 05B20000, based on PE: false
            Similarity
            • API ID: ChangeCloseFindNotification
            • String ID:
            • API String ID: 2591292051-0
            • Opcode ID: 7b4f15047a47573accdc643cbab2b6667bf676096670638666cce1aa3a79977a
            • Instruction ID: 1bc3605f7bb358ac33725cde273f2dbd83361eb881ed910dbcd02bb18a1c9e61
            • Opcode Fuzzy Hash: 7b4f15047a47573accdc643cbab2b6667bf676096670638666cce1aa3a79977a
            • Instruction Fuzzy Hash: 4021A1725093C45FDB128B25DC94A92BFB4EF47224F0980DAED858F263D264A908CB62
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • K32EnumProcesses.KERNEL32(?,?,?,54C643FF,00000000,?,?,?,?,?,?,?,?,72733C38), ref: 05B2122A
            Memory Dump Source
            • Source File: 00000000.00000002.348430925.0000000005B20000.00000040.00000001.sdmp, Offset: 05B20000, based on PE: false
            Similarity
            • API ID: EnumProcesses
            • String ID:
            • API String ID: 84517404-0
            • Opcode ID: 36210f9fcfd2b74c3deb096f6384d3b6e9c905c7e066825ab70201a5df42ca3d
            • Instruction ID: e3ffcf1215b32aed4518afbde110a93ce65b4f09e8809bdec5b0479a62934f25
            • Opcode Fuzzy Hash: 36210f9fcfd2b74c3deb096f6384d3b6e9c905c7e066825ab70201a5df42ca3d
            • Instruction Fuzzy Hash: 352183755093845FD712CF65DC84B52BFE8EF46210F0984EAE945CB163D234A408CB61
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • PostMessageW.USER32(?,?,?,?), ref: 05B21561
            Memory Dump Source
            • Source File: 00000000.00000002.348430925.0000000005B20000.00000040.00000001.sdmp, Offset: 05B20000, based on PE: false
            Similarity
            • API ID: MessagePost
            • String ID:
            • API String ID: 410705778-0
            • Opcode ID: ebc5e55a0b602a73eef9826b14513af8dae1e86364ccdf2313f0c8301beb0b89
            • Instruction ID: 92118ddfa89dcead2e3973d01e4421a361d43510381bc8934dfd305ac9c4cfdd
            • Opcode Fuzzy Hash: ebc5e55a0b602a73eef9826b14513af8dae1e86364ccdf2313f0c8301beb0b89
            • Instruction Fuzzy Hash: 5E215C7140A3C09FDB238F25DC44A52BFB4EF17220F0985DBE9858F163D265A858DB62
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • TerminateProcess.KERNELBASE(?,00000E2C,54C643FF,00000000,00000000,00000000,00000000), ref: 05B213FC
            Memory Dump Source
            • Source File: 00000000.00000002.348430925.0000000005B20000.00000040.00000001.sdmp, Offset: 05B20000, based on PE: false
            Similarity
            • API ID: ProcessTerminate
            • String ID:
            • API String ID: 560597551-0
            • Opcode ID: 91d5d1c14d2f46e04f5c3746a0a124609577a51bd9b99b48b50ae09d50cb78ea
            • Instruction ID: ba99a2435448f9028d50a78f5f1f11a6925053228c2a161b89c06a27d04995a6
            • Opcode Fuzzy Hash: 91d5d1c14d2f46e04f5c3746a0a124609577a51bd9b99b48b50ae09d50cb78ea
            • Instruction Fuzzy Hash: AE11C671500244AFEB11DF29DE85B6BFB9CEF45320F14C4AAED49DB242D674A404CBB6
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • WriteFile.KERNELBASE(?,00000E2C,54C643FF,00000000,00000000,00000000,00000000), ref: 05B20F89
            Memory Dump Source
            • Source File: 00000000.00000002.348430925.0000000005B20000.00000040.00000001.sdmp, Offset: 05B20000, based on PE: false
            Similarity
            • API ID: FileWrite
            • String ID:
            • API String ID: 3934441357-0
            • Opcode ID: 584c70fb5cfb390f33402050a0101fc0131fe455fe806198bc025c0c2bbb611b
            • Instruction ID: 6fe12fd45b1c290662af4527ba05e8c34ac5f18cf8bb5d55013bd0d263ddb3fb
            • Opcode Fuzzy Hash: 584c70fb5cfb390f33402050a0101fc0131fe455fe806198bc025c0c2bbb611b
            • Instruction Fuzzy Hash: 13112731444604AFEB22DF54DE89FA6FBA8EF44720F1484AAED499B212C330A504CBB1
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • SetFileAttributesW.KERNELBASE(?,?), ref: 05B20813
            Memory Dump Source
            • Source File: 00000000.00000002.348430925.0000000005B20000.00000040.00000001.sdmp, Offset: 05B20000, based on PE: false
            Similarity
            • API ID: AttributesFile
            • String ID:
            • API String ID: 3188754299-0
            • Opcode ID: 90fcaa9b1eb82d09e0dab556eb0a519b9b178bf5f7e5a9dc2f1ad6a175b008fa
            • Instruction ID: 6b1132ac005b793b77337b3a81d6103d1cdfeb85bd2f485ce0011d47df0fb357
            • Opcode Fuzzy Hash: 90fcaa9b1eb82d09e0dab556eb0a519b9b178bf5f7e5a9dc2f1ad6a175b008fa
            • Instruction Fuzzy Hash: EB1151715053849FD7118F25DC85B66BFA8EF46220F0984EAED498F652D268A844CB71
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • CopyFileW.KERNELBASE(?,?,?), ref: 05B2069E
            Memory Dump Source
            • Source File: 00000000.00000002.348430925.0000000005B20000.00000040.00000001.sdmp, Offset: 05B20000, based on PE: false
            Similarity
            • API ID: CopyFile
            • String ID:
            • API String ID: 1304948518-0
            • Opcode ID: e73b1679ce8e2373f45cdbe9259f3a81833571130e2f6568d00d1b0fd0820583
            • Instruction ID: f10cc920a5c677121fd256ef2c967d654e105bc8bd251d3b72c78e24cbd09605
            • Opcode Fuzzy Hash: e73b1679ce8e2373f45cdbe9259f3a81833571130e2f6568d00d1b0fd0820583
            • Instruction Fuzzy Hash: D411A5715042448FD711DF2AD989B56FBD8EF44220F08C4AADD4ACB646D274E404CB72
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • GetFileType.KERNELBASE(?,00000E2C,54C643FF,00000000,00000000,00000000,00000000), ref: 05B20EBD
            Memory Dump Source
            • Source File: 00000000.00000002.348430925.0000000005B20000.00000040.00000001.sdmp, Offset: 05B20000, based on PE: false
            Similarity
            • API ID: FileType
            • String ID:
            • API String ID: 3081899298-0
            • Opcode ID: f0d442bed21949c95de70307fe8949f5bbd627e33b8e8712b8284e573e6b7977
            • Instruction ID: 95c23fffca5bf3046bb9a915b678fd8f2f098469a5104e0d9ed6b22ec5c7ba69
            • Opcode Fuzzy Hash: f0d442bed21949c95de70307fe8949f5bbd627e33b8e8712b8284e573e6b7977
            • Instruction Fuzzy Hash: CE012631400204AFE711EB19CE89F76FB9CEF04320F14C09AED499B242C274B444CBB5
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • K32EnumProcesses.KERNEL32(?,?,?,54C643FF,00000000,?,?,?,?,?,?,?,?,72733C38), ref: 05B2122A
            Memory Dump Source
            • Source File: 00000000.00000002.348430925.0000000005B20000.00000040.00000001.sdmp, Offset: 05B20000, based on PE: false
            Similarity
            • API ID: EnumProcesses
            • String ID:
            • API String ID: 84517404-0
            • Opcode ID: 58cb730323c77c9cf7262a042b10836a2deb46e00837d422cc899b8b0dd7c96b
            • Instruction ID: 42fa85b0c309cb4a6ca8af5cfafdef9682bebfb1d1741cd3eb1070882cfc4fa3
            • Opcode Fuzzy Hash: 58cb730323c77c9cf7262a042b10836a2deb46e00837d422cc899b8b0dd7c96b
            • Instruction Fuzzy Hash: A8116D755042449FDB21CF69D984B66FBE8EF44620F08C4AAED49CB652D674E408CF72
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • SetFileAttributesW.KERNELBASE(?,?), ref: 05B20813
            Memory Dump Source
            • Source File: 00000000.00000002.348430925.0000000005B20000.00000040.00000001.sdmp, Offset: 05B20000, based on PE: false
            Similarity
            • API ID: AttributesFile
            • String ID:
            • API String ID: 3188754299-0
            • Opcode ID: ee11670097a3dc12c33854dbb106a64a41e31b221e6bbf0754212e6a739deda9
            • Instruction ID: 6430bc9a3aa6deaa0e2c35389e3c3a469bfa82e509067ca62b193e4942a43676
            • Opcode Fuzzy Hash: ee11670097a3dc12c33854dbb106a64a41e31b221e6bbf0754212e6a739deda9
            • Instruction Fuzzy Hash: EB019E719002449FDB11DF29D989766FBD8EF44220F08C4AADD4DCFA56E674E404CBB2
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • DeleteFileW.KERNELBASE(?), ref: 05B21170
            Memory Dump Source
            • Source File: 00000000.00000002.348430925.0000000005B20000.00000040.00000001.sdmp, Offset: 05B20000, based on PE: false
            Similarity
            • API ID: DeleteFile
            • String ID:
            • API String ID: 4033686569-0
            • Opcode ID: 30e5223fb66201c21ec9ac365add1933247e3e50125d9635e6f7606ea17c5b1b
            • Instruction ID: 00324507803af193108f0db097a3f8d9894a5ee89b1def85f84a716db806204f
            • Opcode Fuzzy Hash: 30e5223fb66201c21ec9ac365add1933247e3e50125d9635e6f7606ea17c5b1b
            • Instruction Fuzzy Hash: 14019E719002449FEB11CF2ED985766FB98EF44221F18C4AADD49CB246D274E444CB72
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • GetTempFileNameW.KERNELBASE(?,00000E2C,?,?), ref: 05B20CFA
            Memory Dump Source
            • Source File: 00000000.00000002.348430925.0000000005B20000.00000040.00000001.sdmp, Offset: 05B20000, based on PE: false
            Similarity
            • API ID: FileNameTemp
            • String ID:
            • API String ID: 745986568-0
            • Opcode ID: 73e832270f94463348bea02b368448d2e3b8c17b6075fdc890adefe24c587fc9
            • Instruction ID: 9cd067ff6fd68d8c34ef7a433549e39bfc77f122ff9906b6c6c7f409ea814964
            • Opcode Fuzzy Hash: 73e832270f94463348bea02b368448d2e3b8c17b6075fdc890adefe24c587fc9
            • Instruction Fuzzy Hash: 7501B171500200ABD350DF1ADC81B26FBA8FB88B20F14C16AED088B641D631B515CBA5
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • FindCloseChangeNotification.KERNELBASE(?), ref: 05B20134
            Memory Dump Source
            • Source File: 00000000.00000002.348430925.0000000005B20000.00000040.00000001.sdmp, Offset: 05B20000, based on PE: false
            Similarity
            • API ID: ChangeCloseFindNotification
            • String ID:
            • API String ID: 2591292051-0
            • Opcode ID: a2deca4183d287f6a7a3ec5be316d193dbdc0d85633672c87eca92656b26daa6
            • Instruction ID: 58e4e82f6a9faa69a49bfef4ee6b0acce2774724a43d863774c6c7faa2e4b81c
            • Opcode Fuzzy Hash: a2deca4183d287f6a7a3ec5be316d193dbdc0d85633672c87eca92656b26daa6
            • Instruction Fuzzy Hash: CA01DF315002448FDB11DF2AE988766FBE4EF44221F18C0AAED4A8F656C274A408CB72
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • PostMessageW.USER32(?,?,?,?), ref: 05B21561
            Memory Dump Source
            • Source File: 00000000.00000002.348430925.0000000005B20000.00000040.00000001.sdmp, Offset: 05B20000, based on PE: false
            Similarity
            • API ID: MessagePost
            • String ID:
            • API String ID: 410705778-0
            • Opcode ID: d816ee8d9da07887933120985c3f4d47ce239b912171a0731bd5d160fcd2590a
            • Instruction ID: 328426d846c23144bbbdf017934cb7737d5c942f860940ada3baa680f9339832
            • Opcode Fuzzy Hash: d816ee8d9da07887933120985c3f4d47ce239b912171a0731bd5d160fcd2590a
            • Instruction Fuzzy Hash: EC0156318006409FDB218F19D988B26FBA1EF08220F0884DEDD8A0B622D275A458DAB2
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.347912144.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
            Similarity
            • API ID:
            • String ID: |mq
            • API String ID: 0-2599921401
            • Opcode ID: 69b80504869061932ae331279be3182ece85cd703b2b2b607ffb105833de76c0
            • Instruction ID: b4938f6b54067495b728d7495d0d037da1908586445495009b389639d9f8c3bb
            • Opcode Fuzzy Hash: 69b80504869061932ae331279be3182ece85cd703b2b2b607ffb105833de76c0
            • Instruction Fuzzy Hash: 2CA10570E40718EBDB14DFA4D855BADBBB2AF89700F20A129E5117B294CBB06D42CF15
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.347912144.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
            Similarity
            • API ID:
            • String ID: |mq
            • API String ID: 0-2599921401
            • Opcode ID: 2f38ae00c28485292d1e3d7022f820011cb4d3a31907e33886f3edc98f4c35f3
            • Instruction ID: c248138e88d578e514d33e68a2d41e8ce09daaa9a8e65e8919f54c1cb243f9b5
            • Opcode Fuzzy Hash: 2f38ae00c28485292d1e3d7022f820011cb4d3a31907e33886f3edc98f4c35f3
            • Instruction Fuzzy Hash: 44313770E1462CEBDB04DFA9E888AAEBBB6FB89300F10A429E505B7244DB745845CB55
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.347912144.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
            Similarity
            • API ID:
            • String ID: |mq
            • API String ID: 0-2599921401
            • Opcode ID: 5ebb982e1770f324aa95aa097f2c4d39dadecd5b079be6ee51bb58c8ec215783
            • Instruction ID: b7d4dbfe27d880c82500dbc209d39a422c7ece754018323fa60ab5085d4645f0
            • Opcode Fuzzy Hash: 5ebb982e1770f324aa95aa097f2c4d39dadecd5b079be6ee51bb58c8ec215783
            • Instruction Fuzzy Hash: B6316770E1462CEFDB04DFE4E888AAEBBB6FF89301F206429E505B7244DB745841CB05
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.347912144.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
            Similarity
            • API ID:
            • String ID: %
            • API String ID: 0-2567322570
            • Opcode ID: 5757ab384dca267e62710877e973994765d84d44ac0ab13000fd3cdcb026261a
            • Instruction ID: b18496e61985ef2b7052111f8e71a8629b8ee71d135fcc71718837c203f81213
            • Opcode Fuzzy Hash: 5757ab384dca267e62710877e973994765d84d44ac0ab13000fd3cdcb026261a
            • Instruction Fuzzy Hash: 2D319E74905228CFCB64CF68D995BE8BBB6FB49305F1080DAD409A7251CB349F85DF51
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.347912144.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
            Similarity
            • API ID:
            • String ID: '
            • API String ID: 0-1997036262
            • Opcode ID: 9d94def51bcfbc85acd5d627f8f3e05f59228200cef568072c71991ce6537de1
            • Instruction ID: 81792e71216d10dffe008a9faff0e870135fd86a8ecd365a2e2e82d4fa3aad01
            • Opcode Fuzzy Hash: 9d94def51bcfbc85acd5d627f8f3e05f59228200cef568072c71991ce6537de1
            • Instruction Fuzzy Hash: C131C574D10628DFDB24CF68CD96BDDB7B5BB08704F1080D9D10AA7280D7749A81CF55
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.347912144.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
            Similarity
            • API ID:
            • String ID: "
            • API String ID: 0-123907689
            • Opcode ID: 351e49a0a37e88f33ce81ae2e9ee39ebb3f1be378d52b32ce3fb1cb4bf479e4e
            • Instruction ID: 7dd7c8450cf6649f1d5435700fd051be6c9bf511aa5e84a8957a9cba13cc73b3
            • Opcode Fuzzy Hash: 351e49a0a37e88f33ce81ae2e9ee39ebb3f1be378d52b32ce3fb1cb4bf479e4e
            • Instruction Fuzzy Hash: 1F11F87190022CCFDB24DF68C886BEDB7B5BB09305F1481E9D549AB241C7349E81CF51
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.347912144.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
            Similarity
            • API ID:
            • String ID: !
            • API String ID: 0-2657877971
            • Opcode ID: 98735b58994de38c5b992a0dec18da6df78931d451a58910ac44038e5b7fde22
            • Instruction ID: 6bb02753ac607a9b99671fdf7048c624772aa7915d1d34d68385cf405c942a3b
            • Opcode Fuzzy Hash: 98735b58994de38c5b992a0dec18da6df78931d451a58910ac44038e5b7fde22
            • Instruction Fuzzy Hash: CC112570D04658CFDB14DFA6E4A8BADFBB5FF45305F108069E016A72A5CBB85884CF14
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.347912144.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID: 0-3916222277
            • Opcode ID: f7d9b81a20fef9ba0ff8d54423f41038cdf8b19c4590199a89b8d7db50db0c47
            • Instruction ID: 1fe9cd8477b72b4a4de4466fc64305327900c8d07868b6f094de1abf8991bdd3
            • Opcode Fuzzy Hash: f7d9b81a20fef9ba0ff8d54423f41038cdf8b19c4590199a89b8d7db50db0c47
            • Instruction Fuzzy Hash: D701D074D08628CFCB25CF64D949BECBBB5BB09301F1040D9E509AB281C7745E81DF55
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.347912144.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
            Similarity
            • API ID:
            • String ID: (
            • API String ID: 0-3887548279
            • Opcode ID: 82ce57ab48dcca5939d675765fc38264be2bee7cddc153944c4b9a1d7886414f
            • Instruction ID: d21e5f6706e4449f7ae330cee2c57db04178209101615a0caa4a95a9657e77b5
            • Opcode Fuzzy Hash: 82ce57ab48dcca5939d675765fc38264be2bee7cddc153944c4b9a1d7886414f
            • Instruction Fuzzy Hash: 6B01E471901628CFDB64CF58CD86BECB7B9BB08304F1085D9E50AA7250C7359ACADF11
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.347912144.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
            Similarity
            • API ID:
            • String ID: ,
            • API String ID: 0-3772416878
            • Opcode ID: c8e103a64bc5a22f92ac49301e80259261c6696f91ef3deabbfc7dcacfeb9073
            • Instruction ID: c7b9fc5e54048eebc3a0877ee32420bb402ad554e2f4e0eaaba8bf184b72e53e
            • Opcode Fuzzy Hash: c8e103a64bc5a22f92ac49301e80259261c6696f91ef3deabbfc7dcacfeb9073
            • Instruction Fuzzy Hash: 33F0F874819A38CBDB38CF24C9497EDBBB5AB01311F1045D6D55BA3180C7B44AC6DF51
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.347912144.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
            Similarity
            • API ID:
            • String ID: "
            • API String ID: 0-123907689
            • Opcode ID: 40498a5c2c5a9fe75ee624e2aea78f3f76db32b4020d8e7202d3cd392943f0f9
            • Instruction ID: 4037121de46965297bafa8a3c3a77e9c5b203bcea803f5baf80dd29fc6c4f4e6
            • Opcode Fuzzy Hash: 40498a5c2c5a9fe75ee624e2aea78f3f76db32b4020d8e7202d3cd392943f0f9
            • Instruction Fuzzy Hash: 98F0E538D28328DFCB14CF66E4A96ACBFB5FB05301F109455E052E32A1DB749981CF04
            Uniqueness

            Uniqueness Score: -1.00%

            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000000.00000002.347912144.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 62c2edfe10b6262f57ba2109a61fb134f43054a3dc7a1b8f5a70e3a90a5b5e03
            • Instruction ID: 9819d1ddc68d3b4cb4640a13cf69c887eb14c780dbbbea457192d1c302337345
            • Opcode Fuzzy Hash: 62c2edfe10b6262f57ba2109a61fb134f43054a3dc7a1b8f5a70e3a90a5b5e03
            • Instruction Fuzzy Hash: B5212C74D15728CFCB14CFA6E4987ADBBB1FB09300F104169E41AA32A1DB785984CF01
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000000.00000002.347912144.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 5edd15651bfa3a1a60585b25acc4058f31578bd741074eb11b3b7e3df48b1d51
            • Instruction ID: e967ef3a49fee7d50cbba7143a3a79d089993109082f5a489fd0a7990c34feb9
            • Opcode Fuzzy Hash: 5edd15651bfa3a1a60585b25acc4058f31578bd741074eb11b3b7e3df48b1d51
            • Instruction Fuzzy Hash: 7C118F70A151199FCB08DFA4D9959AEBF72FF8A301F609168D41AA7391CF306A01CF51
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000000.00000002.347912144.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 2a8f78d2e706bf0a48d9aa0e522e232747c73e6f13b8b1afd95a4b45527af6d0
            • Instruction ID: 52001398a925f05c331476c5141889565a43850ef70e3b96ca54924a61d4a1de
            • Opcode Fuzzy Hash: 2a8f78d2e706bf0a48d9aa0e522e232747c73e6f13b8b1afd95a4b45527af6d0
            • Instruction Fuzzy Hash: F921C0B4D0861ADFCB05DF98C5959EEFBB5BF48300F108169D815AB350DB75AA40CFA1
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000000.00000002.347912144.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 5d8de280dac19967cc227745895c44eb84b3a070d5f5e46b07ccd48934b44d3b
            • Instruction ID: e2638d3e720f658737be8fb154aa6d56dcd874c4e6343e4d3cb7a9c3b36a8790
            • Opcode Fuzzy Hash: 5d8de280dac19967cc227745895c44eb84b3a070d5f5e46b07ccd48934b44d3b
            • Instruction Fuzzy Hash: CC11AC78E086AC8FCF01CFA4C0806BDFBB8FB05304F109589D85AAB606C7719545CF40
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000000.00000002.345908907.0000000002CB0000.00000040.00000040.sdmp, Offset: 02CB0000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 868a9009f214e6ae7bcf553b7f8c7c50952a3911b489487db35667768b8e14e2
            • Instruction ID: bb13767388d8db2e94bcaa2556b02a68a1e034e0993fb74b55a06e9eaca616b1
            • Opcode Fuzzy Hash: 868a9009f214e6ae7bcf553b7f8c7c50952a3911b489487db35667768b8e14e2
            • Instruction Fuzzy Hash: D01160351093C09FC717CB20C890B56BFB1AF86704F1886EED4899B6A3C33A9907CB52
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000000.00000002.345908907.0000000002CB0000.00000040.00000040.sdmp, Offset: 02CB0000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f59b46cdb790b3c160cf5570888753a9fa01bd29cc7a8341b933aa5c78a7561b
            • Instruction ID: d6d743039ad39b63809f2576e8e3b862262691f4f17feda4b9d98cc4400e6950
            • Opcode Fuzzy Hash: f59b46cdb790b3c160cf5570888753a9fa01bd29cc7a8341b933aa5c78a7561b
            • Instruction Fuzzy Hash: 78018B765093906FD7138B169C44863FFE8DE86620749C49BEC498B612D2256509CB75
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000000.00000002.347912144.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 3069132cfd4a9a0d8a19956c3081ac6ba471490cb1a151bbf2949dc5b5ae6281
            • Instruction ID: ba2ad25167752c5b870cdfdc762ffc0610d46a8da1fb67dc580ac03337803a4d
            • Opcode Fuzzy Hash: 3069132cfd4a9a0d8a19956c3081ac6ba471490cb1a151bbf2949dc5b5ae6281
            • Instruction Fuzzy Hash: 9301497085E38C9FCB11CBB4C94665D7FB4EB02201F2481EDD84417683CB311652D786
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000000.00000002.347912144.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 3275a83840208600dc38947d3d46f620502dec5f2ee5c91e2853a35e1571f82d
            • Instruction ID: 43e05a1b55b3069245f82f627ab75c39daed63065961419ea0e8d063dedb81e0
            • Opcode Fuzzy Hash: 3275a83840208600dc38947d3d46f620502dec5f2ee5c91e2853a35e1571f82d
            • Instruction Fuzzy Hash: 1A11D070900A28CFCB64DF68CD85BECBBB6BB48305F2080E9D009AB250C7359E86DF11
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000000.00000002.347912144.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 54546bbec91309eadeb69692a817d61faec9381c3b8900bc5640ebf9d8afb43f
            • Instruction ID: 7ae7682072eff19c387cc17fc78936751affe7d27b049ba259a831f465d70762
            • Opcode Fuzzy Hash: 54546bbec91309eadeb69692a817d61faec9381c3b8900bc5640ebf9d8afb43f
            • Instruction Fuzzy Hash: 3AF0C27088A28CDBCF15CEA086816ECBBB5EF42201F6455AECC4827642DA3A0E01DB40
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000000.00000002.347912144.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: d8590c7611137c654701f4d7c9f24eb17217a59de9a019ebdb6062a477c1f1a5
            • Instruction ID: 49aee2aab105c377d7901b713fd6143ee7ada1bba0356b3cb11eea39ce22eb79
            • Opcode Fuzzy Hash: d8590c7611137c654701f4d7c9f24eb17217a59de9a019ebdb6062a477c1f1a5
            • Instruction Fuzzy Hash: 64012835858678CFCB28CF28CA9A7ECBBB5AB05305F5085DAC04AA7290CB344EC5DF15
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000000.00000002.347912144.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 79f5a74de76823701010eecf213b952726eecdc81cb18834c9ada2e037bd0f4b
            • Instruction ID: f6811fa6f174b1e69c5b93740d28ebc2df387014e74aeb55f447e4df04a007a0
            • Opcode Fuzzy Hash: 79f5a74de76823701010eecf213b952726eecdc81cb18834c9ada2e037bd0f4b
            • Instruction Fuzzy Hash: 3BF06D70904119EFCB04EFA8C585A9DBBF1FF04304F14C9A9D814A7340C735A951CB92
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000000.00000002.347912144.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 8395d664537dac4f9b3d08301afd203d5a90cb0457f9c9c4bde6d2149b9b7142
            • Instruction ID: 8f1e1d3857775ec8cf2c5fc3cbb02c9e431346c38eece785cb579a9558a922da
            • Opcode Fuzzy Hash: 8395d664537dac4f9b3d08301afd203d5a90cb0457f9c9c4bde6d2149b9b7142
            • Instruction Fuzzy Hash: ADF09AB4E08228AFCB04DFA8C4846AEBBF0FF09300F1480BAD805E7350E7309A40CB51
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000000.00000002.347912144.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: b52e453f0169edca852a981a5a098943ae41f76fdfc715add2058c15a8bfec18
            • Instruction ID: b090f976439128ea61a6441204ccce3644c06ad961839ebe97618e4e7bc672d6
            • Opcode Fuzzy Hash: b52e453f0169edca852a981a5a098943ae41f76fdfc715add2058c15a8bfec18
            • Instruction Fuzzy Hash: AFF03A70D04218ABCB08EFA5D842BAEBBB1EB84300F10C5A9C81063340C7345E51DF86
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000000.00000002.347912144.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 315dccfe4ce8ac4562dcc36b860bd92554fb616acd99b420ef00f74b1c6e02be
            • Instruction ID: 1615c7a7e7393f2a2651fb6c22457ea4298c6d9a5333175183cd8065eb6d4b9b
            • Opcode Fuzzy Hash: 315dccfe4ce8ac4562dcc36b860bd92554fb616acd99b420ef00f74b1c6e02be
            • Instruction Fuzzy Hash: 9FF06DB4D0121CABCB04DFE4D9457AEBBB0FF44304F2044A8C84073350D7759A50CB66
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000000.00000002.345908907.0000000002CB0000.00000040.00000040.sdmp, Offset: 02CB0000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 8d74a29df55c69f98ab7c4b2aae8ba2665a8ebae01658a76b7ab1be4c5fff073
            • Instruction ID: d00407f4799344bbcf9edf0e2bbbcce2240e40544e2001167011f5cfa1b6d59d
            • Opcode Fuzzy Hash: 8d74a29df55c69f98ab7c4b2aae8ba2665a8ebae01658a76b7ab1be4c5fff073
            • Instruction Fuzzy Hash: F7F06D35104640DFC302CF00C940B26FBA6EB89718F24C6ADE9481BB52C337D913DE81
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000000.00000002.347912144.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 69f6871e08425905f69428ee25f0da1e97447a5c0414b11c833a54bfd6059b60
            • Instruction ID: abd4793c411266304a14ca96cdf843000a74211ddfd5c9a2befa63d57379ca09
            • Opcode Fuzzy Hash: 69f6871e08425905f69428ee25f0da1e97447a5c0414b11c833a54bfd6059b60
            • Instruction Fuzzy Hash: A9016874E10228CFEB60DF69E894B9CBBB1BB09304F1080AAE51DA3251DB746E85CF10
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000000.00000002.347912144.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f4582c86fce2726e340abf5c77a36470dc48ba5c9a5cf5b1cd31e70d183fdbec
            • Instruction ID: 01955fe7f6ee05a18604343fa208c5d1028d99afe8cdddccc1b07bd34d433fee
            • Opcode Fuzzy Hash: f4582c86fce2726e340abf5c77a36470dc48ba5c9a5cf5b1cd31e70d183fdbec
            • Instruction Fuzzy Hash: D7F06D74800228EBC728EFA8D9967ECBBB1FB06306F10D468DC1563344CB319AA5DB95
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000000.00000002.347912144.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 54eacc2af9545c318f330ae1121d1f09933aca96e1b4a286a2f6d1d1749ed39e
            • Instruction ID: 1e604b8b565e0d4b5cbc4b395e6d63fbf98474eb96dffeab394ff68759242672
            • Opcode Fuzzy Hash: 54eacc2af9545c318f330ae1121d1f09933aca96e1b4a286a2f6d1d1749ed39e
            • Instruction Fuzzy Hash: DFF05E75808108FBCF00DF94C882AADBFB5FF58300F148099E80597351D632AA11EB81
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000000.00000002.347912144.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: a6b0a8ac5a23874d95c732a513840e4b1043335a4dba4c9ba8d11d03c14f7fb0
            • Instruction ID: f8896a370c8c71fecea1af6eb504190ed276610aabc4736f26ea707c104649a2
            • Opcode Fuzzy Hash: a6b0a8ac5a23874d95c732a513840e4b1043335a4dba4c9ba8d11d03c14f7fb0
            • Instruction Fuzzy Hash: F1F03A74904218EFCB04EFA8C18499EBBB1FF44304F1085A9D814A7350C774AE50DB96
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000000.00000002.347912144.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 8e4f14f08b0ba01c2bbae48ab22745c58cfd5c3eacc0e25aa78a8a3bc3adf03b
            • Instruction ID: 5fa74534dac2a60512c46fd19307f6d9a4657bcf3d86f2a2eb168c6b2ca8f764
            • Opcode Fuzzy Hash: 8e4f14f08b0ba01c2bbae48ab22745c58cfd5c3eacc0e25aa78a8a3bc3adf03b
            • Instruction Fuzzy Hash: 1DF0D475C29329CECB14CF62D1693FEBFB4AB06306F00901AE092A32A1DB780284DF54
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000000.00000002.345908907.0000000002CB0000.00000040.00000040.sdmp, Offset: 02CB0000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 464a16bce43e8c46d7539cee4e09fa6498d091f1b50de8cc4d9e7ef0a47394ca
            • Instruction ID: 45922723b64c969ee08c6ab32b40c076f16aabdfa53320f4132478c6d0954612
            • Opcode Fuzzy Hash: 464a16bce43e8c46d7539cee4e09fa6498d091f1b50de8cc4d9e7ef0a47394ca
            • Instruction Fuzzy Hash: 8FE092766406004BD650CF0AEC81452F7D8EB84630718C07FDC0E8B711D635B504CEA5
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000000.00000002.347912144.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 83031bfdac099fb04dab1b91c1834a47102378b3dde84a3a6f19a8202849ada7
            • Instruction ID: 7598986b52857792f3c76d06ab04c8001b3c9bddacb79c1c20cafa625f0b845b
            • Opcode Fuzzy Hash: 83031bfdac099fb04dab1b91c1834a47102378b3dde84a3a6f19a8202849ada7
            • Instruction Fuzzy Hash: 79F01774C24628DFCB14CFA6E4687ACFFB0FB05305F009519E022A6295CBB85584CF05
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000000.00000002.347912144.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 55f8756ddd72e48a61ea58dcbe7c9e4f4662b0d7781f4b823df7a275978b71dc
            • Instruction ID: ccfe26318128250d0408231cd8d960c533babb11c134dbeef5360b92c5bcd541
            • Opcode Fuzzy Hash: 55f8756ddd72e48a61ea58dcbe7c9e4f4662b0d7781f4b823df7a275978b71dc
            • Instruction Fuzzy Hash: D8F0A070C49208DFC700DFA0D98AAADBF78EB45306F2081ACD80563381CB781A95DB59
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000000.00000002.347912144.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 78e5e21fc351cca63de0b24a09f49f913a0ecb02523166da4c21c23ecf7b9fc9
            • Instruction ID: 13a1244096dc5247579ec35ab4f6be73f1c63ecb4a528355ad80f13b7822c7b7
            • Opcode Fuzzy Hash: 78e5e21fc351cca63de0b24a09f49f913a0ecb02523166da4c21c23ecf7b9fc9
            • Instruction Fuzzy Hash: 92F0A078849258AFCB01CBA0D9829ACBFB1AB4A301F1480DADC4943752C6364A42DB10
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000000.00000002.347912144.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f69e66a88c76255707fc8bb52e0e64a195543b3faf03bf9fe54433da7f77a744
            • Instruction ID: 3c019a2b01b61e2f9df7202556d9b0f3f678419d05c2fe75dd2da085d27d7458
            • Opcode Fuzzy Hash: f69e66a88c76255707fc8bb52e0e64a195543b3faf03bf9fe54433da7f77a744
            • Instruction Fuzzy Hash: ADE0267281FE48BEC701EA74DC82B2EBFA8DB13510F1411E9C00057683E4714D008266
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000000.00000002.347912144.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 649547d36d231a42ec7fd48acf441192833ccfc1b2c08ebd4bf18e5f26107f1e
            • Instruction ID: 610b9b2d6e3bb8ec875abdf25912822f212b8810ebae8a9b0f7837d96d5c1c5c
            • Opcode Fuzzy Hash: 649547d36d231a42ec7fd48acf441192833ccfc1b2c08ebd4bf18e5f26107f1e
            • Instruction Fuzzy Hash: 60F0F2B4D00208ABCB04EFE9D945AAEBBB1FB48204F2045A8C84463350D7B59A54CBA6
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000000.00000002.347912144.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 10b1fbd4b5eeb65f19b12d021a3949cc61733ca77a19bca93481f515d9547788
            • Instruction ID: 9d5f756a5cdbd6f85199cc7d9c76173beefac51a4105f8a61b359755d8fada6a
            • Opcode Fuzzy Hash: 10b1fbd4b5eeb65f19b12d021a3949cc61733ca77a19bca93481f515d9547788
            • Instruction Fuzzy Hash: 3AF06D34809208EFCB40DFA4C5827ACFFB9FB49314F24C1A9E81567741C6369A42EB95
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000000.00000002.347912144.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 54ae7c2c30d605d700075a7cc42e263a6ac410100dfc79d85cc1c26a9a334ecd
            • Instruction ID: 215dd989d5a2ec5733f9c4df6c673fc6cbec08dff917528f33a3cd16bb8198b1
            • Opcode Fuzzy Hash: 54ae7c2c30d605d700075a7cc42e263a6ac410100dfc79d85cc1c26a9a334ecd
            • Instruction Fuzzy Hash: D701B274E04628DFDB64DFA9D89479CFBB2BB08300F1080AAE52AE3251DB745984DF11
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000000.00000002.347912144.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: a55fec94ff5a9e270ce7863fa057dfbcfdb385831ebacf817272636b6077f356
            • Instruction ID: 00f76137551a934d66af0eeba743c599d3b7d1152e0190403d871256e7a06555
            • Opcode Fuzzy Hash: a55fec94ff5a9e270ce7863fa057dfbcfdb385831ebacf817272636b6077f356
            • Instruction Fuzzy Hash: 90F03974E05218EBCB08EFA9D441AAEFBB1FF84300F2080A9C81063340D7345E20DF96
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000000.00000002.347912144.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 4be6fbec73c6aba19b80ec6c26a0bbfe9be3c8cb4ac0bd9c870b97449b1162ab
            • Instruction ID: 57fdc1386c83a9ee66e41c65940cedb608153a6c20353793fb45b2b9c1fcd15e
            • Opcode Fuzzy Hash: 4be6fbec73c6aba19b80ec6c26a0bbfe9be3c8cb4ac0bd9c870b97449b1162ab
            • Instruction Fuzzy Hash: B7F09274D09208EFCB00DF98D5826ACFFB8EB46304F2480EADC0997342D6319E46DB51
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000000.00000002.347912144.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: b69e49b5ed5a1a850436bcdbc210f93db953f45ff5feeb477a6e563afb4ff5c7
            • Instruction ID: b84f2e7cc3d8ef362cec415b236ef4adbcd330f476353d66682c4a4b456fe320
            • Opcode Fuzzy Hash: b69e49b5ed5a1a850436bcdbc210f93db953f45ff5feeb477a6e563afb4ff5c7
            • Instruction Fuzzy Hash: 7BE04F34C0A208EFC744DFA5D9877ADFFB8EB45310F6480ADD84963B41C6356A82CB49
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000000.00000002.347912144.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 4a47a2254e0dc45bf1df8f5ffa24263771953daf9a485fa25023b4cf10c383d5
            • Instruction ID: 229144e021e5c12b8f4f28e397d63c8d71411d72afb69b068172d187f3c85b55
            • Opcode Fuzzy Hash: 4a47a2254e0dc45bf1df8f5ffa24263771953daf9a485fa25023b4cf10c383d5
            • Instruction Fuzzy Hash: FEE06579818208EFCB00DFA4C2862ACBFB0FB15305F2001E5D86883721C6394A41EE11
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000000.00000002.347912144.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 2ca722f0be90eb42e086307c89267f6f099ece78dabb10e07e33ac40200ce2af
            • Instruction ID: 19b1691742abe19e5331b3341f689991b96d60da91be4fe980356dce5677f9f8
            • Opcode Fuzzy Hash: 2ca722f0be90eb42e086307c89267f6f099ece78dabb10e07e33ac40200ce2af
            • Instruction Fuzzy Hash: A6F0F4B0908219DFCB11CF68EA956DC7BB1FB59304F904098E58997686CFB45EC1CF14
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000000.00000002.347912144.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 0c77110dc886ad18d52c5f54a3f58aa5b188757bc14f2fe5581a0c8f8af3ea5c
            • Instruction ID: 608aa80c255d6632e774779844502c655611b731b9027211f22fc91fc1e1d23e
            • Opcode Fuzzy Hash: 0c77110dc886ad18d52c5f54a3f58aa5b188757bc14f2fe5581a0c8f8af3ea5c
            • Instruction Fuzzy Hash: ABF01C3490410CEFCB04DF94D9819ADBBB5FF48300F108099EC0553351C732AA61EB81
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000000.00000002.347912144.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 280a558a4cfd2e79ad87153262ff4e18965258ab29ae769172eddb50354cee44
            • Instruction ID: f2df973c7a98340570689cad740187a354c6479aafaf0a8ab0ab7b3f010e61c2
            • Opcode Fuzzy Hash: 280a558a4cfd2e79ad87153262ff4e18965258ab29ae769172eddb50354cee44
            • Instruction Fuzzy Hash: 05E0C23081A20CBFC300D765C94BBAEBE6CE703200F70509CE405A3B42CA30A940C505
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000000.00000002.347912144.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: e90037af6104f657e25b48786493e8ec69c70c74fc98a12f41717435bd996cf3
            • Instruction ID: ff26a49326e295a8c64b7df275c7249ec7a6c0d0a6d9d6cdb90536059433e72b
            • Opcode Fuzzy Hash: e90037af6104f657e25b48786493e8ec69c70c74fc98a12f41717435bd996cf3
            • Instruction Fuzzy Hash: 5EE01A74D98108DFCB00CFA4C5856EEBBB4FB05316F2081AAEC1963641CB781646DF55
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000000.00000002.347912144.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: ccc9dae12c7a6a056ca2ba26e42c2a61a36f50904df465526378633642a05677
            • Instruction ID: eab7917e8a7641aa39629059753f362dd5951bd54744861dc649e59cdac43510
            • Opcode Fuzzy Hash: ccc9dae12c7a6a056ca2ba26e42c2a61a36f50904df465526378633642a05677
            • Instruction Fuzzy Hash: 47E08630C4D208DBC700DB64D58779DBFB4E715301F1444A8E40A63742DB345A82D78A
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000000.00000002.347912144.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 0ea48a11944eb3a5535e48e1d840269a3078ffd30928c8f97b20b104ac51f3e6
            • Instruction ID: 9d6b182cdd565026a3d7c958161d3e5b6dc7e9b8538d66d0a790f190b84b7013
            • Opcode Fuzzy Hash: 0ea48a11944eb3a5535e48e1d840269a3078ffd30928c8f97b20b104ac51f3e6
            • Instruction Fuzzy Hash: D1E0863085A2089BC700DB78C98779CBFB49B01204F64849CC84563791D6315585C792
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000000.00000002.347912144.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 3b4bd8c861832f92b01bec1dc6bf25c6c638331d0c12d76c56f45c710f731275
            • Instruction ID: 85db7259f8d6a51a1554188bfbfba660805e543acc57556e9087dc3e52ff81ac
            • Opcode Fuzzy Hash: 3b4bd8c861832f92b01bec1dc6bf25c6c638331d0c12d76c56f45c710f731275
            • Instruction Fuzzy Hash: 9FE08630C5A208FFCB40DBB8D6877ACBB78AB05210F6450A8C44563741D9346941CB57
            Uniqueness

            Uniqueness Score: -1.00%

            Non-executed Functions

            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.347912144.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
            Similarity
            • API ID:
            • String ID: `5q
            • API String ID: 0-3867205651
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.347912144.0000000005320000.00000040.00000001.sdmp, Offset: 05320000, based on PE: false
            Similarity
            • API ID:
            • String ID: `5q
            • API String ID: 0-3867205651
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000000.00000002.344633143.0000000000AE2000.00000002.00020000.sdmp, Offset: 00AE0000, based on PE: true
            • Associated: 00000000.00000002.344624424.0000000000AE0000.00000002.00020000.sdmp
            • Associated: 00000000.00000002.344730405.0000000000B8E000.00000002.00020000.sdmp
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            Uniqueness

            Uniqueness Score: -1.00%

            Executed Functions

            Strings
            Memory Dump Source
            • Source File: 0000000A.00000002.578888922.00000000054C0000.00000040.00000001.sdmp, Offset: 054C0000, based on PE: false
            Similarity
            • API ID:
            • String ID: r$}
            • API String ID: 0-2003339531
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • bind.WS2_32(?,00000E2C,F78B9DE1,00000000,00000000,00000000,00000000), ref: 055F2D1F
            Memory Dump Source
            • Source File: 0000000A.00000002.579176661.00000000055F0000.00000040.00000001.sdmp, Offset: 055F0000, based on PE: false
            Similarity
            • API ID: bind
            • String ID:
            • API String ID: 1187836755-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 055F15FB
            Memory Dump Source
            • Source File: 0000000A.00000002.579176661.00000000055F0000.00000040.00000001.sdmp, Offset: 055F0000, based on PE: false
            Similarity
            • API ID: AdjustPrivilegesToken
            • String ID:
            • API String ID: 2874748243-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • NtQuerySystemInformation.NTDLL ref: 055F182D
            Memory Dump Source
            • Source File: 0000000A.00000002.579176661.00000000055F0000.00000040.00000001.sdmp, Offset: 055F0000, based on PE: false
            Similarity
            • API ID: InformationQuerySystem
            • String ID:
            • API String ID: 3562636166-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • bind.WS2_32(?,00000E2C,F78B9DE1,00000000,00000000,00000000,00000000), ref: 055F2D1F
            Memory Dump Source
            • Source File: 0000000A.00000002.579176661.00000000055F0000.00000040.00000001.sdmp, Offset: 055F0000, based on PE: false
            Similarity
            • API ID: bind
            • String ID:
            • API String ID: 1187836755-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 055F15FB
            Memory Dump Source
            • Source File: 0000000A.00000002.579176661.00000000055F0000.00000040.00000001.sdmp, Offset: 055F0000, based on PE: false
            Similarity
            • API ID: AdjustPrivilegesToken
            • String ID:
            • API String ID: 2874748243-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • GetSystemInfo.KERNELBASE(?), ref: 055F130C
            Memory Dump Source
            • Source File: 0000000A.00000002.579176661.00000000055F0000.00000040.00000001.sdmp, Offset: 055F0000, based on PE: false
            Similarity
            • API ID: InfoSystem
            • String ID:
            • API String ID: 31276548-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • NtQuerySystemInformation.NTDLL ref: 055F182D
            Memory Dump Source
            • Source File: 0000000A.00000002.579176661.00000000055F0000.00000040.00000001.sdmp, Offset: 055F0000, based on PE: false
            Similarity
            • API ID: InformationQuerySystem
            • String ID:
            • API String ID: 3562636166-0
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 0000000A.00000002.578888922.00000000054C0000.00000040.00000001.sdmp, Offset: 054C0000, based on PE: false
            Similarity
            • API ID:
            • String ID: X1q$X1q$X1q$X1q
            • API String ID: 0-1201878573
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 0000000A.00000002.578888922.00000000054C0000.00000040.00000001.sdmp, Offset: 054C0000, based on PE: false
            Similarity
            • API ID:
            • String ID: 8$q$`5q
            • API String ID: 0-203649035
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 0000000A.00000002.578888922.00000000054C0000.00000040.00000001.sdmp, Offset: 054C0000, based on PE: false
            Similarity
            • API ID:
            • String ID: E>6q^$=6q^
            • API String ID: 0-33921370
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 0000000A.00000002.578888922.00000000054C0000.00000040.00000001.sdmp, Offset: 054C0000, based on PE: false
            Similarity
            • API ID:
            • String ID: lq$-S6q^
            • API String ID: 0-13143173
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 0000000A.00000002.578888922.00000000054C0000.00000040.00000001.sdmp, Offset: 054C0000, based on PE: false
            Similarity
            • API ID:
            • String ID: lq$-S6q^
            • API String ID: 0-13143173
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 0000000A.00000002.578888922.00000000054C0000.00000040.00000001.sdmp, Offset: 054C0000, based on PE: false
            Similarity
            • API ID:
            • String ID: $gq
            • API String ID: 0-815412418
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • DnsQuery_A.DNSAPI(?,00000E2C,?,?), ref: 055F1A2E
            Memory Dump Source
            • Source File: 0000000A.00000002.579176661.00000000055F0000.00000040.00000001.sdmp, Offset: 055F0000, based on PE: false
            Similarity
            • API ID: Query_
            • String ID:
            • API String ID: 428220571-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • GetTokenInformation.KERNELBASE(?,00000E2C,F78B9DE1,00000000,00000000,00000000,00000000), ref: 055F07E0
            Memory Dump Source
            • Source File: 0000000A.00000002.579176661.00000000055F0000.00000040.00000001.sdmp, Offset: 055F0000, based on PE: false
            Similarity
            • API ID: InformationToken
            • String ID:
            • API String ID: 4114910276-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • RegQueryValueExA.KERNELBASE(?,00000E2C), ref: 055F045E
            Memory Dump Source
            • Source File: 0000000A.00000002.579176661.00000000055F0000.00000040.00000001.sdmp, Offset: 055F0000, based on PE: false
            Similarity
            • API ID: QueryValue
            • String ID:
            • API String ID: 3660427363-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 013BAAB1
            Memory Dump Source
            • Source File: 0000000A.00000002.576050011.00000000013BA000.00000040.00000001.sdmp, Offset: 013BA000, based on PE: false
            Similarity
            • API ID: Open
            • String ID:
            • API String ID: 71445658-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 055F0E0D
            Memory Dump Source
            • Source File: 0000000A.00000002.579176661.00000000055F0000.00000040.00000001.sdmp, Offset: 055F0000, based on PE: false
            Similarity
            • API ID: CreateFile
            • String ID:
            • API String ID: 823142352-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • GetProcessTimes.KERNELBASE(?,00000E2C,F78B9DE1,00000000,00000000,00000000,00000000), ref: 055F27D1
            Memory Dump Source
            • Source File: 0000000A.00000002.579176661.00000000055F0000.00000040.00000001.sdmp, Offset: 055F0000, based on PE: false
            Similarity
            • API ID: ProcessTimes
            • String ID:
            • API String ID: 1995159646-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • RegQueryValueExW.KERNELBASE(?,00000E2C,F78B9DE1,00000000,00000000,00000000,00000000), ref: 013BABB4
            Memory Dump Source
            • Source File: 0000000A.00000002.576050011.00000000013BA000.00000040.00000001.sdmp, Offset: 013BA000, based on PE: false
            Similarity
            • API ID: QueryValue
            • String ID:
            • API String ID: 3660427363-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • CreateMutexW.KERNELBASE(?,?), ref: 055F019D
            Memory Dump Source
            • Source File: 0000000A.00000002.579176661.00000000055F0000.00000040.00000001.sdmp, Offset: 055F0000, based on PE: false
            Similarity
            • API ID: CreateMutex
            • String ID:
            • API String ID: 1964310414-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • CreateActCtxA.KERNEL32(?,00000E2C,?,?), ref: 013BAFEA
            Memory Dump Source
            • Source File: 0000000A.00000002.576050011.00000000013BA000.00000040.00000001.sdmp, Offset: 013BA000, based on PE: false
            Similarity
            • API ID: Create
            • String ID:
            • API String ID: 2289755597-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 0000000A.00000002.579176661.00000000055F0000.00000040.00000001.sdmp, Offset: 055F0000, based on PE: false
            Similarity
            • API ID: FileView
            • String ID:
            • API String ID: 3314676101-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • RegQueryValueExW.KERNELBASE(?,00000E2C,F78B9DE1,00000000,00000000,00000000,00000000), ref: 055F055C
            Memory Dump Source
            • Source File: 0000000A.00000002.579176661.00000000055F0000.00000040.00000001.sdmp, Offset: 055F0000, based on PE: false
            Similarity
            • API ID: QueryValue
            • String ID:
            • API String ID: 3660427363-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • RegOpenKeyExA.KERNELBASE(?,00000E2C), ref: 055F0353
            Memory Dump Source
            • Source File: 0000000A.00000002.579176661.00000000055F0000.00000040.00000001.sdmp, Offset: 055F0000, based on PE: false
            Similarity
            • API ID: Open
            • String ID:
            • API String ID: 71445658-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • OpenFileMappingW.KERNELBASE(?,?), ref: 055F2271
            Memory Dump Source
            • Source File: 0000000A.00000002.579176661.00000000055F0000.00000040.00000001.sdmp, Offset: 055F0000, based on PE: false
            Similarity
            • API ID: FileMappingOpen
            • String ID:
            • API String ID: 1680863896-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • WSASocketW.WS2_32(?,?,?,?,?), ref: 055F1AE6
            Memory Dump Source
            • Source File: 0000000A.00000002.579176661.00000000055F0000.00000040.00000001.sdmp, Offset: 055F0000, based on PE: false
            Similarity
            • API ID: Socket
            • String ID:
            • API String ID: 38366605-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • DeleteFileA.KERNELBASE(?,00000E2C), ref: 055F1263
            Memory Dump Source
            • Source File: 0000000A.00000002.579176661.00000000055F0000.00000040.00000001.sdmp, Offset: 055F0000, based on PE: false
            Similarity
            • API ID: DeleteFile
            • String ID:
            • API String ID: 4033686569-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 055F0E0D
            Memory Dump Source
            • Source File: 0000000A.00000002.579176661.00000000055F0000.00000040.00000001.sdmp, Offset: 055F0000, based on PE: false
            Similarity
            • API ID: CreateFile
            • String ID:
            • API String ID: 823142352-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • setsockopt.WS2_32(?,00000E2C,F78B9DE1,00000000,00000000,00000000,00000000), ref: 055F0FC5
            Memory Dump Source
            • Source File: 0000000A.00000002.579176661.00000000055F0000.00000040.00000001.sdmp, Offset: 055F0000, based on PE: false
            Similarity
            • API ID: setsockopt
            • String ID:
            • API String ID: 3981526788-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • RegQueryValueExA.KERNELBASE(?,00000E2C), ref: 055F045E
            Memory Dump Source
            • Source File: 0000000A.00000002.579176661.00000000055F0000.00000040.00000001.sdmp, Offset: 055F0000, based on PE: false
            Similarity
            • API ID: QueryValue
            • String ID:
            • API String ID: 3660427363-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • RegSetValueExW.KERNELBASE(?,00000E2C,F78B9DE1,00000000,00000000,00000000,00000000), ref: 055F1184
            Memory Dump Source
            • Source File: 0000000A.00000002.579176661.00000000055F0000.00000040.00000001.sdmp, Offset: 055F0000, based on PE: false
            Similarity
            • API ID: Value
            • String ID:
            • API String ID: 3702945584-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 013BAAB1
            Memory Dump Source
            • Source File: 0000000A.00000002.576050011.00000000013BA000.00000040.00000001.sdmp, Offset: 013BA000, based on PE: false
            Similarity
            • API ID: Open
            • String ID:
            • API String ID: 71445658-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • CreateMutexW.KERNELBASE(?,?), ref: 055F019D
            Memory Dump Source
            • Source File: 0000000A.00000002.579176661.00000000055F0000.00000040.00000001.sdmp, Offset: 055F0000, based on PE: false
            Similarity
            • API ID: CreateMutex
            • String ID:
            • API String ID: 1964310414-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • CopyFileW.KERNELBASE(?,?,?), ref: 055F1092
            Memory Dump Source
            • Source File: 0000000A.00000002.579176661.00000000055F0000.00000040.00000001.sdmp, Offset: 055F0000, based on PE: false
            Similarity
            • API ID: CopyFile
            • String ID:
            • API String ID: 1304948518-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • CreateDirectoryW.KERNELBASE(?,?), ref: 055F0D13
            Memory Dump Source
            • Source File: 0000000A.00000002.579176661.00000000055F0000.00000040.00000001.sdmp, Offset: 055F0000, based on PE: false
            Similarity
            • API ID: CreateDirectory
            • String ID:
            • API String ID: 4241100979-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • GetFileType.KERNELBASE(?,00000E2C,F78B9DE1,00000000,00000000,00000000,00000000), ref: 055F0EF9
            Memory Dump Source
            • Source File: 0000000A.00000002.579176661.00000000055F0000.00000040.00000001.sdmp, Offset: 055F0000, based on PE: false
            Similarity
            • API ID: FileType
            • String ID:
            • API String ID: 3081899298-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • RegQueryValueExW.KERNELBASE(?,00000E2C,F78B9DE1,00000000,00000000,00000000,00000000), ref: 013BABB4
            Memory Dump Source
            • Source File: 0000000A.00000002.576050011.00000000013BA000.00000040.00000001.sdmp, Offset: 013BA000, based on PE: false
            Similarity
            • API ID: QueryValue
            • String ID:
            • API String ID: 3660427363-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • GetTokenInformation.KERNELBASE(?,00000E2C,F78B9DE1,00000000,00000000,00000000,00000000), ref: 055F07E0
            Memory Dump Source
            • Source File: 0000000A.00000002.579176661.00000000055F0000.00000040.00000001.sdmp, Offset: 055F0000, based on PE: false
            Similarity
            • API ID: InformationToken
            • String ID:
            • API String ID: 4114910276-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • FindCloseChangeNotification.KERNELBASE(?), ref: 055F16B4
            Memory Dump Source
            • Source File: 0000000A.00000002.579176661.00000000055F0000.00000040.00000001.sdmp, Offset: 055F0000, based on PE: false
            Similarity
            • API ID: ChangeCloseFindNotification
            • String ID:
            • API String ID: 2591292051-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • OpenFileMappingW.KERNELBASE(?,?), ref: 055F2271
            Memory Dump Source
            • Source File: 0000000A.00000002.579176661.00000000055F0000.00000040.00000001.sdmp, Offset: 055F0000, based on PE: false
            Similarity
            • API ID: FileMappingOpen
            • String ID:
            • API String ID: 1680863896-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • WSASocketW.WS2_32(?,?,?,?,?), ref: 055F1AE6
            Memory Dump Source
            • Source File: 0000000A.00000002.579176661.00000000055F0000.00000040.00000001.sdmp, Offset: 055F0000, based on PE: false
            Similarity
            • API ID: Socket
            • String ID:
            • API String ID: 38366605-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 0000000A.00000002.579176661.00000000055F0000.00000040.00000001.sdmp, Offset: 055F0000, based on PE: false
            Similarity
            • API ID: FileView
            • String ID:
            • API String ID: 3314676101-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • K32EnumProcesses.KERNEL32(?,?,?,F78B9DE1,00000000,?,?,?,?,?,?,?,?,72733C38), ref: 055F176E
            Memory Dump Source
            • Source File: 0000000A.00000002.579176661.00000000055F0000.00000040.00000001.sdmp, Offset: 055F0000, based on PE: false
            Similarity
            • API ID: EnumProcesses
            • String ID:
            • API String ID: 84517404-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • FindCloseChangeNotification.KERNELBASE(?), ref: 055F0264
            Memory Dump Source
            • Source File: 0000000A.00000002.579176661.00000000055F0000.00000040.00000001.sdmp, Offset: 055F0000, based on PE: false
            Similarity
            • API ID: ChangeCloseFindNotification
            • String ID:
            • API String ID: 2591292051-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • RegSetValueExW.KERNELBASE(?,00000E2C,F78B9DE1,00000000,00000000,00000000,00000000), ref: 055F1184
            Memory Dump Source
            • Source File: 0000000A.00000002.579176661.00000000055F0000.00000040.00000001.sdmp, Offset: 055F0000, based on PE: false
            Similarity
            • API ID: Value
            • String ID:
            • API String ID: 3702945584-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • RegQueryValueExW.KERNELBASE(?,00000E2C,F78B9DE1,00000000,00000000,00000000,00000000), ref: 055F055C
            Memory Dump Source
            • Source File: 0000000A.00000002.579176661.00000000055F0000.00000040.00000001.sdmp, Offset: 055F0000, based on PE: false
            Similarity
            • API ID: QueryValue
            • String ID:
            • API String ID: 3660427363-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • GetProcessTimes.KERNELBASE(?,00000E2C,F78B9DE1,00000000,00000000,00000000,00000000), ref: 055F27D1
            Memory Dump Source
            • Source File: 0000000A.00000002.579176661.00000000055F0000.00000040.00000001.sdmp, Offset: 055F0000, based on PE: false
            Similarity
            • API ID: ProcessTimes
            • String ID:
            • API String ID: 1995159646-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 055F147A
            Memory Dump Source
            • Source File: 0000000A.00000002.579176661.00000000055F0000.00000040.00000001.sdmp, Offset: 055F0000, based on PE: false
            Similarity
            • API ID: LookupPrivilegeValue
            • String ID:
            • API String ID: 3899507212-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 013BA58A
            Memory Dump Source
            • Source File: 0000000A.00000002.576050011.00000000013BA000.00000040.00000001.sdmp, Offset: 013BA000, based on PE: false
            Similarity
            • API ID: DuplicateHandle
            • String ID:
            • API String ID: 3793708945-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • SendMessageW.USER32(?,?,?,?), ref: 013BB841
            Memory Dump Source
            • Source File: 0000000A.00000002.576050011.00000000013BA000.00000040.00000001.sdmp, Offset: 013BA000, based on PE: false
            Similarity
            • API ID: MessageSend
            • String ID:
            • API String ID: 3850602802-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • setsockopt.WS2_32(?,00000E2C,F78B9DE1,00000000,00000000,00000000,00000000), ref: 055F0FC5
            Memory Dump Source
            • Source File: 0000000A.00000002.579176661.00000000055F0000.00000040.00000001.sdmp, Offset: 055F0000, based on PE: false
            Similarity
            • API ID: setsockopt
            • String ID:
            • API String ID: 3981526788-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • RegOpenKeyExA.KERNELBASE(?,00000E2C), ref: 055F0353
            Memory Dump Source
            • Source File: 0000000A.00000002.579176661.00000000055F0000.00000040.00000001.sdmp, Offset: 055F0000, based on PE: false
            Similarity
            • API ID: Open
            • String ID:
            • API String ID: 71445658-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • DeleteFileA.KERNELBASE(?,00000E2C), ref: 055F1263
            Memory Dump Source
            • Source File: 0000000A.00000002.579176661.00000000055F0000.00000040.00000001.sdmp, Offset: 055F0000, based on PE: false
            Similarity
            • API ID: DeleteFile
            • String ID:
            • API String ID: 4033686569-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • PostMessageW.USER32(?,?,?,?), ref: 013BBBB9
            Memory Dump Source
            • Source File: 0000000A.00000002.576050011.00000000013BA000.00000040.00000001.sdmp, Offset: 013BA000, based on PE: false
            Similarity
            • API ID: MessagePost
            • String ID:
            • API String ID: 410705778-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • DispatchMessageW.USER32(?), ref: 013BBE70
            Memory Dump Source
            • Source File: 0000000A.00000002.576050011.00000000013BA000.00000040.00000001.sdmp, Offset: 013BA000, based on PE: false
            Similarity
            • API ID: DispatchMessage
            • String ID:
            • API String ID: 2061451462-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • CreateIconFromResourceEx.USER32 ref: 013BB78A
            Memory Dump Source
            • Source File: 0000000A.00000002.576050011.00000000013BA000.00000040.00000001.sdmp, Offset: 013BA000, based on PE: false
            Similarity
            • API ID: CreateFromIconResource
            • String ID:
            • API String ID: 3668623891-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • DeleteFileW.KERNELBASE(?), ref: 013BBF0C
            Memory Dump Source
            • Source File: 0000000A.00000002.576050011.00000000013BA000.00000040.00000001.sdmp, Offset: 013BA000, based on PE: false
            Similarity
            • API ID: DeleteFile
            • String ID:
            • API String ID: 4033686569-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • GetSystemInfo.KERNELBASE(?), ref: 055F130C
            Memory Dump Source
            • Source File: 0000000A.00000002.579176661.00000000055F0000.00000040.00000001.sdmp, Offset: 055F0000, based on PE: false
            Similarity
            • API ID: InfoSystem
            • String ID:
            • API String ID: 31276548-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 0000000A.00000002.576050011.00000000013BA000.00000040.00000001.sdmp, Offset: 013BA000, based on PE: false
            Similarity
            • API ID: closesocket
            • String ID:
            • API String ID: 2781271927-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • CopyFileW.KERNELBASE(?,?,?), ref: 055F1092
            Memory Dump Source
            • Source File: 0000000A.00000002.579176661.00000000055F0000.00000040.00000001.sdmp, Offset: 055F0000, based on PE: false
            Similarity
            • API ID: CopyFile
            • String ID:
            • API String ID: 1304948518-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 055F147A
            Memory Dump Source
            • Source File: 0000000A.00000002.579176661.00000000055F0000.00000040.00000001.sdmp, Offset: 055F0000, based on PE: false
            Similarity
            • API ID: LookupPrivilegeValue
            • String ID:
            • API String ID: 3899507212-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • CreateDirectoryW.KERNELBASE(?,?), ref: 055F0D13
            Memory Dump Source
            • Source File: 0000000A.00000002.579176661.00000000055F0000.00000040.00000001.sdmp, Offset: 055F0000, based on PE: false
            Similarity
            • API ID: CreateDirectory
            • String ID:
            • API String ID: 4241100979-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • GetFileType.KERNELBASE(?,00000E2C,F78B9DE1,00000000,00000000,00000000,00000000), ref: 055F0EF9
            Memory Dump Source
            • Source File: 0000000A.00000002.579176661.00000000055F0000.00000040.00000001.sdmp, Offset: 055F0000, based on PE: false
            Similarity
            • API ID: FileType
            • String ID:
            • API String ID: 3081899298-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • K32EnumProcesses.KERNEL32(?,?,?,F78B9DE1,00000000,?,?,?,?,?,?,?,?,72733C38), ref: 055F176E
            Memory Dump Source
            • Source File: 0000000A.00000002.579176661.00000000055F0000.00000040.00000001.sdmp, Offset: 055F0000, based on PE: false
            Similarity
            • API ID: EnumProcesses
            • String ID:
            • API String ID: 84517404-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • SetWindowLongW.USER32(?,?,?), ref: 013BA926
            Memory Dump Source
            • Source File: 0000000A.00000002.576050011.00000000013BA000.00000040.00000001.sdmp, Offset: 013BA000, based on PE: false
            Similarity
            • API ID: LongWindow
            • String ID:
            • API String ID: 1378638983-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • DeleteFileW.KERNELBASE(?), ref: 013BBF0C
            Memory Dump Source
            • Source File: 0000000A.00000002.576050011.00000000013BA000.00000040.00000001.sdmp, Offset: 013BA000, based on PE: false
            Similarity
            • API ID: DeleteFile
            • String ID:
            • API String ID: 4033686569-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • CreateIconFromResourceEx.USER32 ref: 013BB78A
            Memory Dump Source
            • Source File: 0000000A.00000002.576050011.00000000013BA000.00000040.00000001.sdmp, Offset: 013BA000, based on PE: false
            Similarity
            • API ID: CreateFromIconResource
            • String ID:
            • API String ID: 3668623891-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 013BA58A
            Memory Dump Source
            • Source File: 0000000A.00000002.576050011.00000000013BA000.00000040.00000001.sdmp, Offset: 013BA000, based on PE: false
            Similarity
            • API ID: DuplicateHandle
            • String ID:
            • API String ID: 3793708945-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • CreateActCtxA.KERNEL32(?,00000E2C,?,?), ref: 013BAFEA
            Memory Dump Source
            • Source File: 0000000A.00000002.576050011.00000000013BA000.00000040.00000001.sdmp, Offset: 013BA000, based on PE: false
            Similarity
            • API ID: Create
            • String ID:
            • API String ID: 2289755597-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • FindCloseChangeNotification.KERNELBASE(?), ref: 055F0264
            Memory Dump Source
            • Source File: 0000000A.00000002.579176661.00000000055F0000.00000040.00000001.sdmp, Offset: 055F0000, based on PE: false
            Similarity
            • API ID: ChangeCloseFindNotification
            • String ID:
            • API String ID: 2591292051-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • DnsQuery_A.DNSAPI(?,00000E2C,?,?), ref: 055F1A2E
            Memory Dump Source
            • Source File: 0000000A.00000002.579176661.00000000055F0000.00000040.00000001.sdmp, Offset: 055F0000, based on PE: false
            Similarity
            • API ID: Query_
            • String ID:
            • API String ID: 428220571-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • FindCloseChangeNotification.KERNELBASE(?), ref: 055F16B4
            Memory Dump Source
            • Source File: 0000000A.00000002.579176661.00000000055F0000.00000040.00000001.sdmp, Offset: 055F0000, based on PE: false
            Similarity
            • API ID: ChangeCloseFindNotification
            • String ID:
            • API String ID: 2591292051-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • PostMessageW.USER32(?,?,?,?), ref: 013BBBB9
            Memory Dump Source
            • Source File: 0000000A.00000002.576050011.00000000013BA000.00000040.00000001.sdmp, Offset: 013BA000, based on PE: false
            Similarity
            • API ID: MessagePost
            • String ID:
            • API String ID: 410705778-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 0000000A.00000002.576050011.00000000013BA000.00000040.00000001.sdmp, Offset: 013BA000, based on PE: false
            Similarity
            • API ID: closesocket
            • String ID:
            • API String ID: 2781271927-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • SendMessageW.USER32(?,?,?,?), ref: 013BB841
            Memory Dump Source
            • Source File: 0000000A.00000002.576050011.00000000013BA000.00000040.00000001.sdmp, Offset: 013BA000, based on PE: false
            Similarity
            • API ID: MessageSend
            • String ID:
            • API String ID: 3850602802-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • SetWindowLongW.USER32(?,?,?), ref: 013BA926
            Memory Dump Source
            • Source File: 0000000A.00000002.576050011.00000000013BA000.00000040.00000001.sdmp, Offset: 013BA000, based on PE: false
            Similarity
            • API ID: LongWindow
            • String ID:
            • API String ID: 1378638983-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • DispatchMessageW.USER32(?), ref: 013BBE70
            Memory Dump Source
            • Source File: 0000000A.00000002.576050011.00000000013BA000.00000040.00000001.sdmp, Offset: 013BA000, based on PE: false
            Similarity
            • API ID: DispatchMessage
            • String ID:
            • API String ID: 2061451462-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • SetErrorMode.KERNELBASE(?), ref: 013BA3A4
            Memory Dump Source
            • Source File: 0000000A.00000002.576050011.00000000013BA000.00000040.00000001.sdmp, Offset: 013BA000, based on PE: false
            Similarity
            • API ID: ErrorMode
            • String ID:
            • API String ID: 2340568224-0
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000A.00000002.578888922.00000000054C0000.00000040.00000001.sdmp, Offset: 054C0000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: d59277acb9afe5d4591508ad9f70820aaf6e4e8371e88618dc31fbb66c993686
            • Instruction ID: d81248eb0ed1e224bd1170c9e3d1882749264cdfd598ec98a728f1cf7d5a32b2
            • Opcode Fuzzy Hash: d59277acb9afe5d4591508ad9f70820aaf6e4e8371e88618dc31fbb66c993686
            • Instruction Fuzzy Hash: 1B213274B042599BCB54DF75D8409EEBBB2BFC8754F1049AEE002AB240DB71AC42C7E0
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000A.00000002.578888922.00000000054C0000.00000040.00000001.sdmp, Offset: 054C0000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 85802d4924577dd3102c5fcd4d1c70a6bfa4bbfe711c380ca009355247033c76
            • Instruction ID: 103d6dae9dcc1bcc46a6742cfc7279da3b0f6021b5b99c897e431481888d53a1
            • Opcode Fuzzy Hash: 85802d4924577dd3102c5fcd4d1c70a6bfa4bbfe711c380ca009355247033c76
            • Instruction Fuzzy Hash: 80316434200201CBC716AB79D16C4AE3BA7EF89349354876DE606CB745EF36AC46CB81
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000A.00000002.578888922.00000000054C0000.00000040.00000001.sdmp, Offset: 054C0000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 321f5b34c121f609f10729222e91cd2a7ec128e1927dca355c9c9ffa48d38cbb
            • Instruction ID: 45aaf17be052928de1dd142340b9af605844e17e8663e04df3d42d9a719a069c
            • Opcode Fuzzy Hash: 321f5b34c121f609f10729222e91cd2a7ec128e1927dca355c9c9ffa48d38cbb
            • Instruction Fuzzy Hash: 5A313C3890C209DFCB98DBA4C1456FEBFB2FB85304F1041EED48397251DAB19A46CB52
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000A.00000002.578888922.00000000054C0000.00000040.00000001.sdmp, Offset: 054C0000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 8af7ac33e792546219150a071069b21ff013e0fe65c6047f78b13de23691c669
            • Instruction ID: b670ceb4762a2825311e65a094ba93c4baa6ae3205e6186f13231a8d8e557fed
            • Opcode Fuzzy Hash: 8af7ac33e792546219150a071069b21ff013e0fe65c6047f78b13de23691c669
            • Instruction Fuzzy Hash: 6A21CF38B011149BCB48E7B688544FFBFEBAFC9214B9045BFD0029B252DD64AC018761
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000A.00000002.578888922.00000000054C0000.00000040.00000001.sdmp, Offset: 054C0000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: baf10da6965813420451b4ce0ffb439df4e3b6a3c1e347fa9d9eb4d42fd625c5
            • Instruction ID: 3791700c0efa0c876497ac4d50208b0280cb53a80056c67954cf137c1bd1f8bf
            • Opcode Fuzzy Hash: baf10da6965813420451b4ce0ffb439df4e3b6a3c1e347fa9d9eb4d42fd625c5
            • Instruction Fuzzy Hash: 07318E38A04245CFDBA1CF65C54469AFBB2BF84318F10C6AEC046AB255DBF4A849CF51
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000A.00000002.578888922.00000000054C0000.00000040.00000001.sdmp, Offset: 054C0000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 1facff8ac33fbc7b7c799bcd59c81cc90ffce84c591401173dd3bbd576417eb3
            • Instruction ID: 9589ec105058fd88716a04c87ff07253cd78fc9dbac18f3a1860dabc5184cd68
            • Opcode Fuzzy Hash: 1facff8ac33fbc7b7c799bcd59c81cc90ffce84c591401173dd3bbd576417eb3
            • Instruction Fuzzy Hash: F231AE39A00249CFDB60CF65C445A9ABFB2FF88304F14D5AED4069B355DB74A886CF50
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000A.00000002.578888922.00000000054C0000.00000040.00000001.sdmp, Offset: 054C0000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9ddc8b04a3112f7acab6a27e46b50791bc11f40eeb2684039d283370dbad8fda
            • Instruction ID: 849f4e36069954e21628333d4211cece3000cd91565af71613574edf0684abdb
            • Opcode Fuzzy Hash: 9ddc8b04a3112f7acab6a27e46b50791bc11f40eeb2684039d283370dbad8fda
            • Instruction Fuzzy Hash: 8B112936B041659BCF54DA78D8605FEBFBBAFC6311B04407ED542BB251DE205E0787A1
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000A.00000002.578888922.00000000054C0000.00000040.00000001.sdmp, Offset: 054C0000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 7e8d307dca157c457f098432cf1fc29550ad2a73cfb38664e72cdb924634cf5d
            • Instruction ID: e569ce419a90cc3eb8b0bba8f84dc62510bdddb2bb0783184fbe2b71dd48a75b
            • Opcode Fuzzy Hash: 7e8d307dca157c457f098432cf1fc29550ad2a73cfb38664e72cdb924634cf5d
            • Instruction Fuzzy Hash: B621F3382091468BCB45E674E7B08B97F5BFBC8302B5496AFE0428715ECB395C438795
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000A.00000002.578888922.00000000054C0000.00000040.00000001.sdmp, Offset: 054C0000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c524045e4d6caca55f2c3cff1c0921654ecf7a4f11754b20d61b6cdadc387397
            • Instruction ID: 4cca07625eff9925f15aef0b320266778d713db169e68a0b84daf0a4b5469f61
            • Opcode Fuzzy Hash: c524045e4d6caca55f2c3cff1c0921654ecf7a4f11754b20d61b6cdadc387397
            • Instruction Fuzzy Hash: AB2184B5E042299FCB04CF9AD8544AEFBF5FB8D210B10416EE855E3350D730AD15CB90
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000A.00000002.577069048.0000000002FB0000.00000040.00000040.sdmp, Offset: 02FB0000, based on PE: false

            Memory Dump Source
            • Source File: 0000000A.00000002.576097331.00000000013C2000.00000040.00000001.sdmp, Offset: 013C2000, based on PE: false
            • Instruction Fuzzy Hash: 38011D383040108BC648D72DD1589AABBEBBFC9701B2451EFE507DB766CF769C4A8786
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000A.00000002.578888922.00000000054C0000.00000040.00000001.sdmp, Offset: 054C0000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 28e56f91268b5a8fa251b0604ffb39dc621072125fb674dbf5919c7ed9c0abc0
            • Instruction ID: 12fd874b06caf99153015f6934b08bad2d304adae47540204c9d9421e0b81dcf
            • Opcode Fuzzy Hash: 28e56f91268b5a8fa251b0604ffb39dc621072125fb674dbf5919c7ed9c0abc0
            • Instruction Fuzzy Hash: B7F0B46E5082906FD76381695889BF61F4EB7C5310F0942FFE54BCB343DA520C568361
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000A.00000002.578888922.00000000054C0000.00000040.00000001.sdmp, Offset: 054C0000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: e7212d6209dc2e78e9b9818d4fa788b0dae31fc10cf11758c148eb0d98d53091
            • Instruction ID: c38f5d24b2de1d6094f339569eb92fb5d9086652350d62d34a53810564f9a5a3
            • Opcode Fuzzy Hash: e7212d6209dc2e78e9b9818d4fa788b0dae31fc10cf11758c148eb0d98d53091
            • Instruction Fuzzy Hash: E8F02438A141459BCF94923849226FEBFEBCBC4250F0400FFC986A7245DA216A0382D1
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000A.00000002.578888922.00000000054C0000.00000040.00000001.sdmp, Offset: 054C0000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: deed6549f237cc4258d61b1168ee6cdda0806d19872bee678a251279ba2d96df
            • Instruction ID: 7b52787e031ee575592f6721db9bfd31d67ab3b6477cac26a25dc06f273c9083
            • Opcode Fuzzy Hash: deed6549f237cc4258d61b1168ee6cdda0806d19872bee678a251279ba2d96df
            • Instruction Fuzzy Hash: 04F0F430B0025A8BCF05EBB4DA81AFEB326FFC8708F108A69E1019B245DB749C0187E1
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000A.00000002.578888922.00000000054C0000.00000040.00000001.sdmp, Offset: 054C0000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 3fbc50bd51ef6b89ed3d255b67d07129d597caea260ece2eb5d9d59dc2c8abac
            • Instruction ID: d61fd115271e4bae5322bf21036b57c4072d0ee8879b04499fee9343e71c10e9
            • Opcode Fuzzy Hash: 3fbc50bd51ef6b89ed3d255b67d07129d597caea260ece2eb5d9d59dc2c8abac
            • Instruction Fuzzy Hash: A9F0FC34F101499BDB4057B9D85AAEFBFFADFC1214F4184B9D941E7315EB3098068790
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000A.00000002.578888922.00000000054C0000.00000040.00000001.sdmp, Offset: 054C0000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 18831064bc16c6dfd7c05b4ed04a69be2115ffd1235dfa2e207fe8101f149e08
            • Instruction ID: cb19a953c1efaf15bbf6748c6893fdb9f6a1b3b623251b9ffc4ed9382e2f8447
            • Opcode Fuzzy Hash: 18831064bc16c6dfd7c05b4ed04a69be2115ffd1235dfa2e207fe8101f149e08
            • Instruction Fuzzy Hash: ABF0CD39A08214DFC784CBA898898EBBFB6EFC620070040FBD4039B252D230980387A9
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000A.00000002.578888922.00000000054C0000.00000040.00000001.sdmp, Offset: 054C0000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: e2b05cd98e826c3a55c2fd38178f70b86d920b9805a5f9e83e010c1d0cf32217
            • Instruction ID: 3dc8ec4f0756349ac20fc82b026976998e347784d1b4933e56ac06258cef140b
            • Opcode Fuzzy Hash: e2b05cd98e826c3a55c2fd38178f70b86d920b9805a5f9e83e010c1d0cf32217
            • Instruction Fuzzy Hash: 57F0F434304109CBC740E739D2198AA7BE7EBCD21171442BAE60BC7725EF32AC068795
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000A.00000002.578888922.00000000054C0000.00000040.00000001.sdmp, Offset: 054C0000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 224185a6160fa63141263d2be79cb72b8baa2d0ee4f09d084dac4bf0de3218b7
            • Instruction ID: da39ff649b10ebd944a9424d31262c418727194680a8ff01eb2d1f8055b233f3
            • Opcode Fuzzy Hash: 224185a6160fa63141263d2be79cb72b8baa2d0ee4f09d084dac4bf0de3218b7
            • Instruction Fuzzy Hash: 2FF0B439A14165AECBD4963858105FF7FE69BC5290F0180FFC906D7244EA2409029AD9
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000A.00000002.578888922.00000000054C0000.00000040.00000001.sdmp, Offset: 054C0000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: cd0fbfc65e7d868411e4bba8d31370dde6565a5fc2a85fc8ba49ffba1697d5a1
            • Instruction ID: b4ffb6d924b1e4e3f7db61383376bd7ea063952fde77ac6b35573f51a9085d2a
            • Opcode Fuzzy Hash: cd0fbfc65e7d868411e4bba8d31370dde6565a5fc2a85fc8ba49ffba1697d5a1
            • Instruction Fuzzy Hash: 82F0BE38B081559B8B94923D68105FFBFAA87C9294F4280FBC90BD7244EE255A0386DA
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000A.00000002.578888922.00000000054C0000.00000040.00000001.sdmp, Offset: 054C0000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 2e8ac0ded19fe27f299be5712276edcaf3d31461be3c1f89941b28160599c187
            • Instruction ID: 63cbc4ecec706da340187583fb97a3c47a3cc138114e2c0d724a4d12866ad31d
            • Opcode Fuzzy Hash: 2e8ac0ded19fe27f299be5712276edcaf3d31461be3c1f89941b28160599c187
            • Instruction Fuzzy Hash: C7F0273530A1906FC39A627E5814AAF3E9B8BC162031902AFF449DB351DE556C0283EA
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000A.00000002.578888922.00000000054C0000.00000040.00000001.sdmp, Offset: 054C0000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 95f7951dc76502ed654b936f07ac82dcefc9e11925c175c13a0c833df666d62e
            • Instruction ID: 6bac8fa0eaf9cb7a465c923c7a3b6cdb5119645251fd8c71b14c1044c1055b5c
            • Opcode Fuzzy Hash: 95f7951dc76502ed654b936f07ac82dcefc9e11925c175c13a0c833df666d62e
            • Instruction Fuzzy Hash: F1F0A730A0425D6FDB50D7AD9C56BBBBFFCEB89650F1000BAD54CD7145E221590583A1
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000A.00000002.578888922.00000000054C0000.00000040.00000001.sdmp, Offset: 054C0000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 59c30e5b1c712faf519150e7d683d4d9770210537353e5c3a5a3f527f704b302
            • Instruction ID: e7bc66c7b56d25faa027544b71f96404ebb2101588882cf72fe07f48e9531924
            • Opcode Fuzzy Hash: 59c30e5b1c712faf519150e7d683d4d9770210537353e5c3a5a3f527f704b302
            • Instruction Fuzzy Hash: 8FF0A0303041905FCB9157B864666FE3FEAAF82216B1440EBE846CB266C91A8C038791
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000A.00000002.578888922.00000000054C0000.00000040.00000001.sdmp, Offset: 054C0000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 1d24cd75230b71eb81b7a26f6bd27f29b3129231b83247e16fa99fb5e59c7442
            • Instruction ID: a16bf2510e3a617bb2f3749db20be0566c1f110a82bf6291f6cfaafc19583c57
            • Opcode Fuzzy Hash: 1d24cd75230b71eb81b7a26f6bd27f29b3129231b83247e16fa99fb5e59c7442
            • Instruction Fuzzy Hash: 59F027396082A04FC7A167B8002D1EEBFE65FC3500B0C40EFC0CACB643EA1198028745
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000A.00000002.578888922.00000000054C0000.00000040.00000001.sdmp, Offset: 054C0000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 0d68dae7f850cc4b9a3c1ce5f189e4dbb38a0c4c432ad22edc658352f86e114c
            • Instruction ID: 2ffb04fc8e549b60b5c0a854d6232f546b30964bee0861945a06ad846afb4aeb
            • Opcode Fuzzy Hash: 0d68dae7f850cc4b9a3c1ce5f189e4dbb38a0c4c432ad22edc658352f86e114c
            • Instruction Fuzzy Hash: B7F0FC353082419FC346D76894144A97F73DBC621531848BFD20ACB296DE35AC0B8751
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000A.00000002.578888922.00000000054C0000.00000040.00000001.sdmp, Offset: 054C0000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 4570662b27bdcad5e6af91eb1fc7baff95ac2e4c017e93c05f54cf0170f134d8
            • Instruction ID: c4531ee78ad2ee769e13e8df4c59947c120fa604bbf72ac22fc46bb32005246b
            • Opcode Fuzzy Hash: 4570662b27bdcad5e6af91eb1fc7baff95ac2e4c017e93c05f54cf0170f134d8
            • Instruction Fuzzy Hash: 86F0E23491A284DFDB9086B5482D6AF7FAB5BC2250B0444EB8C4B6B315C96458038352
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000A.00000002.578888922.00000000054C0000.00000040.00000001.sdmp, Offset: 054C0000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 86787079f0a496aada37c87d5f9c1fc4eaafa5fb9d27a6abf09ae0e892e36686
            • Instruction ID: 7e414e6085cea5bccde5383d8898c78b4a569d68e6df75631cd144f3a489b088
            • Opcode Fuzzy Hash: 86787079f0a496aada37c87d5f9c1fc4eaafa5fb9d27a6abf09ae0e892e36686
            • Instruction Fuzzy Hash: F4E0553AE19218DADB908AF5990C2EFBFAAA7C0250F0005AB8D0FA7300D97448024292
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000A.00000002.578888922.00000000054C0000.00000040.00000001.sdmp, Offset: 054C0000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 81317e1e0665e61547622d6b9e1e669f5f1502a3bbd8cdfda3f6b93ec157169d
            • Instruction ID: 36271c52902a0c36e1b478e6ac373d33742eecc0254d17d99c8f41d4d36332ca
            • Opcode Fuzzy Hash: 81317e1e0665e61547622d6b9e1e669f5f1502a3bbd8cdfda3f6b93ec157169d
            • Instruction Fuzzy Hash: DEE0223A20A2905FCB6252B515327F63FABCBC7622F5800FFE181CB2A2D8195C434360
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000A.00000002.578888922.00000000054C0000.00000040.00000001.sdmp, Offset: 054C0000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 05976c66c04ab493545648791fd3a7d6108bde78798086514487daefc4fcac62
            • Instruction ID: fc81c49c8bdb8d9de774abe45bc52b67ed773414af60ffbb8791e566cee3d6ba
            • Opcode Fuzzy Hash: 05976c66c04ab493545648791fd3a7d6108bde78798086514487daefc4fcac62
            • Instruction Fuzzy Hash: 63F0BE39B08019CBCB41DF88D4981ECBB62FBC4320F208A9BD009DB146EB30AC828781
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000A.00000002.577069048.0000000002FB0000.00000040.00000040.sdmp, Offset: 02FB0000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 8d74a29df55c69f98ab7c4b2aae8ba2665a8ebae01658a76b7ab1be4c5fff073
            • Instruction ID: 6392aa406aaa7ad790e258b4f9c590dc5b0e928a4b2b31cea3ddc24e4138b490
            • Opcode Fuzzy Hash: 8d74a29df55c69f98ab7c4b2aae8ba2665a8ebae01658a76b7ab1be4c5fff073
            • Instruction Fuzzy Hash: 94F01D35204645DFD716CF00D540B56FBA2EB89718F24C6ADE9490B752C737D813DA81
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000A.00000002.578888922.00000000054C0000.00000040.00000001.sdmp, Offset: 054C0000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: ad019c57b9759a0830014b8948923e5c77992afc32365c4b526c5b1d1b64c46b
            • Instruction ID: 4b710d6eb005cd98db10b0fe201a427c8f6bc3ba00edc20bd2afc1914f1747aa
            • Opcode Fuzzy Hash: ad019c57b9759a0830014b8948923e5c77992afc32365c4b526c5b1d1b64c46b
            • Instruction Fuzzy Hash: B9E0E57E605B004FC3259EAAB801493FBE5BAC03213088B7FE19987506D77059059BA4
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000A.00000002.578888922.00000000054C0000.00000040.00000001.sdmp, Offset: 054C0000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f20aea788262285b9388e222845656481808b2884c2bac5c5362c4293e55024f
            • Instruction ID: a97fdd5441f8fd8c0f9e5172c6edc3bb29b056be63f9b44f1ed05b5240652463
            • Opcode Fuzzy Hash: f20aea788262285b9388e222845656481808b2884c2bac5c5362c4293e55024f
            • Instruction Fuzzy Hash: B0E0222A3481D18FC656923880A04FF3FA7AFCA0A131900EFE14BCBA50DE114C02C352
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000A.00000002.578888922.00000000054C0000.00000040.00000001.sdmp, Offset: 054C0000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 336fc7495f7879ebb2a2887b64a5a41c5932f76e3e3093064f7106b64280320b
            • Instruction ID: e154fce4da66df5e501fec97d7d5796afe22ef2b1542814f4c6445412cb3d06e
            • Opcode Fuzzy Hash: 336fc7495f7879ebb2a2887b64a5a41c5932f76e3e3093064f7106b64280320b
            • Instruction Fuzzy Hash: 66F027353086908BC312C22C85204AA7F63AFC661430488FFD44A8B742DA32DC0687D1
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000A.00000002.578888922.00000000054C0000.00000040.00000001.sdmp, Offset: 054C0000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 1d1555170f540699c67757ea48da3cd17824b0c79cf23f8f11027f0fe26e3b7f
            • Instruction ID: abc4bf8a3d7c311d01ef1c565c5e48ed20a08c6a9599bbf716f088bb928bee33
            • Opcode Fuzzy Hash: 1d1555170f540699c67757ea48da3cd17824b0c79cf23f8f11027f0fe26e3b7f
            • Instruction Fuzzy Hash: 78F0A735304101ABC745A66DA4448AD7BA7EBC9315354897DE20ACB355DE32AC078791
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000A.00000002.578888922.00000000054C0000.00000040.00000001.sdmp, Offset: 054C0000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 8a5d9285202d22993b8a1a39e0edabbdbf89e56b51fada8c8d2ca957e018cd7e
            • Instruction ID: c713e48aa948c963b46b2c2871be87fb71fb65a197dd84a7d06189e6af2b98ac
            • Opcode Fuzzy Hash: 8a5d9285202d22993b8a1a39e0edabbdbf89e56b51fada8c8d2ca957e018cd7e
            • Instruction Fuzzy Hash: 0CF0A038B05000CBCF84EBB9E9642FC3B66AFC4200F5086BFD00697181EF2468428765
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000A.00000002.578888922.00000000054C0000.00000040.00000001.sdmp, Offset: 054C0000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9ddc0f489c9c58985f0d16ef282c75fc28f255ec3fbfb6768300055bd6c0b77f
            • Instruction ID: e457630acdf749f06adac3edd0c17110d4d38fb83055570786cfe55e17652b7d
            • Opcode Fuzzy Hash: 9ddc0f489c9c58985f0d16ef282c75fc28f255ec3fbfb6768300055bd6c0b77f
            • Instruction Fuzzy Hash: 32E06538B051505FCB94B3FE94283EE6A569FD0A14F8044BEC50ADB781EE945C018B93
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000A.00000002.578888922.00000000054C0000.00000040.00000001.sdmp, Offset: 054C0000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f8e551d8cdde333a065f0c50ca54f053a7d432a770ae876bacff70c2019cce2f
            • Instruction ID: f97c9fce0d24189c9f2721dbed3a5cce2364186a79f2508e70a91c2bab39b471
            • Opcode Fuzzy Hash: f8e551d8cdde333a065f0c50ca54f053a7d432a770ae876bacff70c2019cce2f
            • Instruction Fuzzy Hash: CDE065397492848FC78153F8562B2BC7FE6DECA50131949EFD556DF265DD2188038312
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000A.00000002.577069048.0000000002FB0000.00000040.00000040.sdmp, Offset: 02FB0000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 37e41776b876e1da98bcd1a4dc6c7b120279b193eca10789d98361767fc7f1eb
            • Instruction ID: c169f9336a8167e89f850ae77e0bfe70d145aef1f31739c8f5f84cc2a5a38db0
            • Opcode Fuzzy Hash: 37e41776b876e1da98bcd1a4dc6c7b120279b193eca10789d98361767fc7f1eb
            • Instruction Fuzzy Hash: 57E092766446008BDA50CF0BEC85452F7D8EB84630718C07FDC0D8B700D535B504CEA5
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000A.00000002.578888922.00000000054C0000.00000040.00000001.sdmp, Offset: 054C0000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: ec156e6ad23d91723d06e35ba899f532d52c0cbf02a2ce0c8d75647fa278b3b3
            • Instruction ID: 6835f6993822bb22276b21b40eb09583bd821804229c52a54fb6b3e3e65bb43c
            • Opcode Fuzzy Hash: ec156e6ad23d91723d06e35ba899f532d52c0cbf02a2ce0c8d75647fa278b3b3
            • Instruction Fuzzy Hash: A2E0E53AE0A251CBCBA60BB0A9254B43FF6E78D76171541EFD842D7309DA754C058FD1
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000A.00000002.578888922.00000000054C0000.00000040.00000001.sdmp, Offset: 054C0000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 571fa99439839b140b97aac3019460a990ddddd0399f289df340e1fafe048c56
            • Instruction ID: e68497fb9fbf35e92b895ed3b543f2f70051595e28d45ea9f757ba5b490a3f7c
            • Opcode Fuzzy Hash: 571fa99439839b140b97aac3019460a990ddddd0399f289df340e1fafe048c56
            • Instruction Fuzzy Hash: 10E0DF2521C0948FD70026FC5405AF83F9FDFC2310B0A80EFD986CB263CA8A9C438396
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000A.00000002.578888922.00000000054C0000.00000040.00000001.sdmp, Offset: 054C0000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 15a6b4ce3c853fead9af54b6bb138b1f14fa565c526552943a8a52c1576be275
            • Instruction ID: 40ae007c80e60e701e2303b8d3d601dca52f7387559aba6edaaabca84d12b1b4
            • Opcode Fuzzy Hash: 15a6b4ce3c853fead9af54b6bb138b1f14fa565c526552943a8a52c1576be275
            • Instruction Fuzzy Hash: 22E0E534205151AFC315D614D8A5C72BBA6EFC9220304C5EFE44A87741C775AC42CB90
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000A.00000002.576097331.00000000013C2000.00000040.00000001.sdmp, Offset: 013C2000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c7237e96899cdb6e2892a7d76bf846d59789317a4afa6c1bf65f078387a93d1d
            • Instruction ID: 82c1e749a3f55d8773b41ce4cbe9d994082f86357c27e8cb7495a1a20860c8cd
            • Opcode Fuzzy Hash: c7237e96899cdb6e2892a7d76bf846d59789317a4afa6c1bf65f078387a93d1d
            • Instruction Fuzzy Hash: CEE0D87260124467D6108E0B9C85B12FB58EB50A30F18C55BED0C1B302E171B504DAF5
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000A.00000002.578888922.00000000054C0000.00000040.00000001.sdmp, Offset: 054C0000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: dc4dd8298843ee76a0320f1d97352b25f8c180c0c28a335a043ace7c184b588c
            • Instruction ID: 8c5098486ed11cb8d5012a23f4eea83d93923773dd99d9a017bc7be1ccda825f
            • Opcode Fuzzy Hash: dc4dd8298843ee76a0320f1d97352b25f8c180c0c28a335a043ace7c184b588c
            • Instruction Fuzzy Hash: D5E09239F0112587CBA45BB8A9245B97AEEE7CC7A1B1501AFE807E7304DEB18C408BD1
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000A.00000002.578888922.00000000054C0000.00000040.00000001.sdmp, Offset: 054C0000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 223c65b33f859c0e6995d3eda2b2faababb4c9bed62410e62cd3f2a7e79a8dab
            • Instruction ID: dd496db1fa3a401e270f105704ebf6a0e9e02454441435adefdb346a8268c112
            • Opcode Fuzzy Hash: 223c65b33f859c0e6995d3eda2b2faababb4c9bed62410e62cd3f2a7e79a8dab
            • Instruction Fuzzy Hash: 2AE0DF392006208BC662D66ED4208AB7F9FEBC1A6430088AFD50A8B300EF33EC0647D0
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000A.00000002.578888922.00000000054C0000.00000040.00000001.sdmp, Offset: 054C0000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 80a03b41bd297a13732de4ee85c3db7d84f3a52535ebf1b3cd9145495db6636b
            • Instruction ID: bb17303e6e12a069759304d2d49dae6cafaed6c93faa20231c2aba6831d049e8
            • Opcode Fuzzy Hash: 80a03b41bd297a13732de4ee85c3db7d84f3a52535ebf1b3cd9145495db6636b
            • Instruction Fuzzy Hash: E2F01C39200B049F8330CF5AD541C93FBF6EFC562039089AEE59A83B10C770F8058B61
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000A.00000002.578888922.00000000054C0000.00000040.00000001.sdmp, Offset: 054C0000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c9109a006dcdc79bcf1bfed544185dfa09827265f5b882adce15b3e3749d9790
            • Instruction ID: 0aa49672a98b60e83bd0c2ab70603f7221ce2c27a7d4c23acc7bbd7db10b5f04
            • Opcode Fuzzy Hash: c9109a006dcdc79bcf1bfed544185dfa09827265f5b882adce15b3e3749d9790
            • Instruction Fuzzy Hash: 6FE0203570015047C211D65DC5209AF7F9BEBC5A2430088BFD50E8B740EE32EC0387D1
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000A.00000002.578888922.00000000054C0000.00000040.00000001.sdmp, Offset: 054C0000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: fdbf9377239517907e90729107e5eddbc856b65a189070aeaaf2893010ae7402
            • Instruction ID: 7e7facd3e057b3547d4efb290fa34d8bf49bb99121c2174dc5af0a4a530653fa
            • Opcode Fuzzy Hash: fdbf9377239517907e90729107e5eddbc856b65a189070aeaaf2893010ae7402
            • Instruction Fuzzy Hash: 71E0C2393140549B8554E21E80944FF3A8BABC54A271401AFE11BCB710ED429C028392
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000A.00000002.578888922.00000000054C0000.00000040.00000001.sdmp, Offset: 054C0000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 4c65093ade719a99478babd94b9f6ffb73df8aad3e0272d11bfb577881f565c0
            • Instruction ID: 628318b2dc6371b9f9b3f98a83f17bb3c278baf970d4ec008351e83f83f95fd0
            • Opcode Fuzzy Hash: 4c65093ade719a99478babd94b9f6ffb73df8aad3e0272d11bfb577881f565c0
            • Instruction Fuzzy Hash: 91E0867A60C0518FD75127AC14146E93F56ABC5369B4E40EFC88ACB326C6184C525742
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000A.00000002.578888922.00000000054C0000.00000040.00000001.sdmp, Offset: 054C0000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 94b0f68b221f5bed82af698f909d1825f1bb23174a733406502ba0a0881c1c46
            • Instruction ID: fdfc43cb7ffe0602f3adf40c1435201725a70608d581b80009d344f4ec2da95e
            • Opcode Fuzzy Hash: 94b0f68b221f5bed82af698f909d1825f1bb23174a733406502ba0a0881c1c46
            • Instruction Fuzzy Hash: 0DE04F7950A2E0DEC392E62454145F27F77BB8921530445FFF48B8B14DCA358883C792
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000A.00000002.578888922.00000000054C0000.00000040.00000001.sdmp, Offset: 054C0000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f2a4fed7949743bc1ecd80aa93b898ad2dd55c9ccc8b69b88aa04c90ff596a5b
            • Instruction ID: 8a9b1691cc92c73c7b49e102d8a7f0d592f93baba32feae6bf084c6660c3494b
            • Opcode Fuzzy Hash: f2a4fed7949743bc1ecd80aa93b898ad2dd55c9ccc8b69b88aa04c90ff596a5b
            • Instruction Fuzzy Hash: 7BE02B3D606290DFC75371743D058FA3F29D54121270002FFE809CB201E365CE66C7A2
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000A.00000002.578888922.00000000054C0000.00000040.00000001.sdmp, Offset: 054C0000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: b2744bdc96dfc41d5d608dac6e436618af45fb033066f620d40015d71590ee71
            • Instruction ID: 1d1f7c73c0fd58c3af419572ec5d9c0052ffaf89b28236f0f910039efd327e19
            • Opcode Fuzzy Hash: b2744bdc96dfc41d5d608dac6e436618af45fb033066f620d40015d71590ee71

            Non-executed Functions

            Executed Functions

            Strings
            Memory Dump Source
            • Source File: 0000000D.00000002.401954776.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
            Similarity
            • API ID:
            • String ID: @'q$@'q$@'q$@'q$@'q$@'q$@'q$@'q$@'q
            • API String ID: 0-284968683
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 0000000D.00000002.401954776.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
            Similarity
            • API ID:
            • String ID: @'q$@'q$@'q$@'q$@'q$@'q$@'q$@'q$@'q
            • API String ID: 0-284968683
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 0559007B
            Memory Dump Source
            • Source File: 0000000D.00000002.406095963.0000000005590000.00000040.00000001.sdmp, Offset: 05590000, based on PE: false
            Similarity
            • API ID: AdjustPrivilegesToken
            • String ID:
            • API String ID: 2874748243-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 0559007B
            Memory Dump Source
            • Source File: 0000000D.00000002.406095963.0000000005590000.00000040.00000001.sdmp, Offset: 05590000, based on PE: false
            Similarity
            • API ID: AdjustPrivilegesToken
            • String ID:
            • API String ID: 2874748243-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • NtQuerySystemInformation.NTDLL ref: 055902AD
            Memory Dump Source
            • Source File: 0000000D.00000002.406095963.0000000005590000.00000040.00000001.sdmp, Offset: 05590000, based on PE: false
            Similarity
            • API ID: InformationQuerySystem
            • String ID:
            • API String ID: 3562636166-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • NtQuerySystemInformation.NTDLL ref: 055902AD
            Memory Dump Source
            • Source File: 0000000D.00000002.406095963.0000000005590000.00000040.00000001.sdmp, Offset: 05590000, based on PE: false
            Similarity
            • API ID: InformationQuerySystem
            • String ID:
            • API String ID: 3562636166-0
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 0000000D.00000002.401954776.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
            Similarity
            • API ID:
            • String ID: X$q$X$q$X$q
            • API String ID: 0-1048160887
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • CreateMutexW.KERNELBASE(?,?), ref: 0266B90D
            • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 0266B9EA
            Memory Dump Source
            • Source File: 0000000D.00000002.401659695.000000000266A000.00000040.00000001.sdmp, Offset: 0266A000, based on PE: false
            Similarity
            • API ID: CreateLookupMutexPrivilegeValue
            • String ID:
            • API String ID: 4106873102-0
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 0000000D.00000002.401954776.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
            Similarity
            • API ID:
            • String ID: /$c
            • API String ID: 0-3909290379
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 0000000D.00000002.401954776.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
            Similarity
            • API ID:
            • String ID: X$q$X$q
            • API String ID: 0-2352092357
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 0000000D.00000002.401954776.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
            Similarity
            • API ID:
            • String ID: X1q$X1q
            • API String ID: 0-2961807067
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 0000000D.00000002.401954776.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
            Similarity
            • API ID:
            • String ID: X1q$X1q
            • API String ID: 0-2961807067
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 0000000D.00000002.401954776.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
            Similarity
            • API ID:
            • String ID: X$q$X$q
            • API String ID: 0-2352092357
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • DuplicateHandle.KERNELBASE(?,00000E2C), ref: 05590C17
            Memory Dump Source
            • Source File: 0000000D.00000002.406095963.0000000005590000.00000040.00000001.sdmp, Offset: 05590000, based on PE: false
            Similarity
            • API ID: DuplicateHandle
            • String ID:
            • API String ID: 3793708945-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • FindCloseChangeNotification.KERNELBASE(?), ref: 0266B748
            Memory Dump Source
            • Source File: 0000000D.00000002.401659695.000000000266A000.00000040.00000001.sdmp, Offset: 0266A000, based on PE: false
            Similarity
            • API ID: ChangeCloseFindNotification
            • String ID:
            • API String ID: 2591292051-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • GetTokenInformation.KERNELBASE(?,00000E2C,C705E4E5,00000000,00000000,00000000,00000000), ref: 0266BBD8
            Memory Dump Source
            • Source File: 0000000D.00000002.401659695.000000000266A000.00000040.00000001.sdmp, Offset: 0266A000, based on PE: false
            Similarity
            • API ID: InformationToken
            • String ID:
            • API String ID: 4114910276-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 0266AA39
            Memory Dump Source
            • Source File: 0000000D.00000002.401659695.000000000266A000.00000040.00000001.sdmp, Offset: 0266A000, based on PE: false
            Similarity
            • API ID: Open
            • String ID:
            • API String ID: 71445658-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 05590801
            Memory Dump Source
            • Source File: 0000000D.00000002.406095963.0000000005590000.00000040.00000001.sdmp, Offset: 05590000, based on PE: false
            Similarity
            • API ID: CreateFile
            • String ID:
            • API String ID: 823142352-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • CreateMutexW.KERNELBASE(?,?), ref: 0266B90D
            Memory Dump Source
            • Source File: 0000000D.00000002.401659695.000000000266A000.00000040.00000001.sdmp, Offset: 0266A000, based on PE: false
            Similarity
            • API ID: CreateMutex
            • String ID:
            • API String ID: 1964310414-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • RegQueryValueExW.KERNELBASE(?,00000E2C,C705E4E5,00000000,00000000,00000000,00000000), ref: 0266AB3C
            Memory Dump Source
            • Source File: 0000000D.00000002.401659695.000000000266A000.00000040.00000001.sdmp, Offset: 0266A000, based on PE: false
            Similarity
            • API ID: QueryValue
            • String ID:
            • API String ID: 3660427363-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • TerminateProcess.KERNELBASE(?,00000E2C,C705E4E5,00000000,00000000,00000000,00000000), ref: 05590F88
            Memory Dump Source
            • Source File: 0000000D.00000002.406095963.0000000005590000.00000040.00000001.sdmp, Offset: 05590000, based on PE: false
            Similarity
            • API ID: ProcessTerminate
            • String ID:
            • API String ID: 560597551-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • LsaOpenPolicy.ADVAPI32(?,00000E2C), ref: 05590427
            Memory Dump Source
            • Source File: 0000000D.00000002.406095963.0000000005590000.00000040.00000001.sdmp, Offset: 05590000, based on PE: false
            Similarity
            • API ID: OpenPolicy
            • String ID:
            • API String ID: 2030686058-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • DuplicateHandle.KERNELBASE(?,00000E2C), ref: 05590C17
            Memory Dump Source
            • Source File: 0000000D.00000002.406095963.0000000005590000.00000040.00000001.sdmp, Offset: 05590000, based on PE: false
            Similarity
            • API ID: DuplicateHandle
            • String ID:
            • API String ID: 3793708945-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • DeleteFileW.KERNELBASE(?), ref: 05590CFC
            Memory Dump Source
            • Source File: 0000000D.00000002.406095963.0000000005590000.00000040.00000001.sdmp, Offset: 05590000, based on PE: false
            Similarity
            • API ID: DeleteFile
            • String ID:
            • API String ID: 4033686569-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 05590801
            Memory Dump Source
            • Source File: 0000000D.00000002.406095963.0000000005590000.00000040.00000001.sdmp, Offset: 05590000, based on PE: false
            Similarity
            • API ID: CreateFile
            • String ID:
            • API String ID: 823142352-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • WriteFile.KERNELBASE(?,00000E2C,C705E4E5,00000000,00000000,00000000,00000000), ref: 055909B9
            Memory Dump Source
            • Source File: 0000000D.00000002.406095963.0000000005590000.00000040.00000001.sdmp, Offset: 05590000, based on PE: false
            Similarity
            • API ID: FileWrite
            • String ID:
            • API String ID: 3934441357-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • GetTempFileNameW.KERNELBASE(?,00000E2C,?,?), ref: 0559072A
            Memory Dump Source
            • Source File: 0000000D.00000002.406095963.0000000005590000.00000040.00000001.sdmp, Offset: 05590000, based on PE: false
            Similarity
            • API ID: FileNameTemp
            • String ID:
            • API String ID: 745986568-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 0266AA39
            Memory Dump Source
            • Source File: 0000000D.00000002.401659695.000000000266A000.00000040.00000001.sdmp, Offset: 0266A000, based on PE: false
            Similarity
            • API ID: Open
            • String ID:
            • API String ID: 71445658-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • LsaOpenPolicy.ADVAPI32(?,00000E2C), ref: 05590427
            Memory Dump Source
            • Source File: 0000000D.00000002.406095963.0000000005590000.00000040.00000001.sdmp, Offset: 05590000, based on PE: false
            Similarity
            • API ID: OpenPolicy
            • String ID:
            • API String ID: 2030686058-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • CreateMutexW.KERNELBASE(?,?), ref: 0266B90D
            Memory Dump Source
            • Source File: 0000000D.00000002.401659695.000000000266A000.00000040.00000001.sdmp, Offset: 0266A000, based on PE: false
            Similarity
            • API ID: CreateMutex
            • String ID:
            • API String ID: 1964310414-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • GetFileType.KERNELBASE(?,00000E2C,C705E4E5,00000000,00000000,00000000,00000000), ref: 055908ED
            Memory Dump Source
            • Source File: 0000000D.00000002.406095963.0000000005590000.00000040.00000001.sdmp, Offset: 05590000, based on PE: false
            Similarity
            • API ID: FileType
            • String ID:
            • API String ID: 3081899298-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • GetTokenInformation.KERNELBASE(?,00000E2C,C705E4E5,00000000,00000000,00000000,00000000), ref: 0266BBD8
            Memory Dump Source
            • Source File: 0000000D.00000002.401659695.000000000266A000.00000040.00000001.sdmp, Offset: 0266A000, based on PE: false
            Similarity
            • API ID: InformationToken
            • String ID:
            • API String ID: 4114910276-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • RegQueryValueExW.KERNELBASE(?,00000E2C,C705E4E5,00000000,00000000,00000000,00000000), ref: 0266AB3C
            Memory Dump Source
            • Source File: 0000000D.00000002.401659695.000000000266A000.00000040.00000001.sdmp, Offset: 0266A000, based on PE: false
            Similarity
            • API ID: QueryValue
            • String ID:
            • API String ID: 3660427363-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • FindCloseChangeNotification.KERNELBASE(?), ref: 05590134
            Memory Dump Source
            • Source File: 0000000D.00000002.406095963.0000000005590000.00000040.00000001.sdmp, Offset: 05590000, based on PE: false
            Similarity
            • API ID: ChangeCloseFindNotification
            • String ID:
            • API String ID: 2591292051-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • K32EnumProcesses.KERNEL32(?,?,?,C705E4E5,00000000,?,?,?,?,?,?,?,?,72733C38), ref: 05590DB6
            Memory Dump Source
            • Source File: 0000000D.00000002.406095963.0000000005590000.00000040.00000001.sdmp, Offset: 05590000, based on PE: false
            Similarity
            • API ID: EnumProcesses
            • String ID:
            • API String ID: 84517404-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • LoadLibraryShim.MSCOREE(?,?,?,?), ref: 0266B131
            Memory Dump Source
            • Source File: 0000000D.00000002.401659695.000000000266A000.00000040.00000001.sdmp, Offset: 0266A000, based on PE: false
            Similarity
            • API ID: LibraryLoadShim
            • String ID:
            • API String ID: 1475914169-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • PostMessageW.USER32(?,?,?,?), ref: 055910ED
            Memory Dump Source
            • Source File: 0000000D.00000002.406095963.0000000005590000.00000040.00000001.sdmp, Offset: 05590000, based on PE: false
            Similarity
            • API ID: MessagePost
            • String ID:
            • API String ID: 410705778-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • TerminateProcess.KERNELBASE(?,00000E2C,C705E4E5,00000000,00000000,00000000,00000000), ref: 05590F88
            Memory Dump Source
            • Source File: 0000000D.00000002.406095963.0000000005590000.00000040.00000001.sdmp, Offset: 05590000, based on PE: false
            Similarity
            • API ID: ProcessTerminate
            • String ID:
            • API String ID: 560597551-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0266A512
            Memory Dump Source
            • Source File: 0000000D.00000002.401659695.000000000266A000.00000040.00000001.sdmp, Offset: 0266A000, based on PE: false
            Similarity
            • API ID: DuplicateHandle
            • String ID:
            • API String ID: 3793708945-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • WriteFile.KERNELBASE(?,00000E2C,C705E4E5,00000000,00000000,00000000,00000000), ref: 055909B9
            Memory Dump Source
            • Source File: 0000000D.00000002.406095963.0000000005590000.00000040.00000001.sdmp, Offset: 05590000, based on PE: false
            Similarity
            • API ID: FileWrite
            • String ID:
            • API String ID: 3934441357-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 0266B9EA
            Memory Dump Source
            • Source File: 0000000D.00000002.401659695.000000000266A000.00000040.00000001.sdmp, Offset: 0266A000, based on PE: false
            Similarity
            • API ID: LookupPrivilegeValue
            • String ID:
            • API String ID: 3899507212-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • GetFileType.KERNELBASE(?,00000E2C,C705E4E5,00000000,00000000,00000000,00000000), ref: 055908ED
            Memory Dump Source
            • Source File: 0000000D.00000002.406095963.0000000005590000.00000040.00000001.sdmp, Offset: 05590000, based on PE: false
            Similarity
            • API ID: FileType
            • String ID:
            • API String ID: 3081899298-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • K32EnumProcesses.KERNEL32(?,?,?,C705E4E5,00000000,?,?,?,?,?,?,?,?,72733C38), ref: 05590DB6
            Memory Dump Source
            • Source File: 0000000D.00000002.406095963.0000000005590000.00000040.00000001.sdmp, Offset: 05590000, based on PE: false
            Similarity
            • API ID: EnumProcesses
            • String ID:
            • API String ID: 84517404-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 0000000D.00000002.401659695.000000000266A000.00000040.00000001.sdmp, Offset: 0266A000, based on PE: false
            Similarity
            • API ID: LongWindow
            • String ID:
            • API String ID: 1378638983-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • GetTempFileNameW.KERNELBASE(?,00000E2C,?,?), ref: 0559072A
            Memory Dump Source
            • Source File: 0000000D.00000002.406095963.0000000005590000.00000040.00000001.sdmp, Offset: 05590000, based on PE: false
            Similarity
            • API ID: FileNameTemp
            • String ID:
            • API String ID: 745986568-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • DeleteFileW.KERNELBASE(?), ref: 05590CFC
            Memory Dump Source
            • Source File: 0000000D.00000002.406095963.0000000005590000.00000040.00000001.sdmp, Offset: 05590000, based on PE: false
            Similarity
            • API ID: DeleteFile
            • String ID:
            • API String ID: 4033686569-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • LoadLibraryShim.MSCOREE(?,?,?,?), ref: 0266B131
            Memory Dump Source
            • Source File: 0000000D.00000002.401659695.000000000266A000.00000040.00000001.sdmp, Offset: 0266A000, based on PE: false
            Similarity
            • API ID: LibraryLoadShim
            • String ID:
            • API String ID: 1475914169-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • SetErrorMode.KERNELBASE(?), ref: 0266A32C
            Memory Dump Source
            • Source File: 0000000D.00000002.401659695.000000000266A000.00000040.00000001.sdmp, Offset: 0266A000, based on PE: false
            Similarity
            • API ID: ErrorMode
            • String ID:
            • API String ID: 2340568224-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0266A512
            Memory Dump Source
            • Source File: 0000000D.00000002.401659695.000000000266A000.00000040.00000001.sdmp, Offset: 0266A000, based on PE: false
            Similarity
            • API ID: DuplicateHandle
            • String ID:
            • API String ID: 3793708945-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • FindCloseChangeNotification.KERNELBASE(?), ref: 05590134
            Memory Dump Source
            • Source File: 0000000D.00000002.406095963.0000000005590000.00000040.00000001.sdmp, Offset: 05590000, based on PE: false
            Similarity
            • API ID: ChangeCloseFindNotification
            • String ID:
            • API String ID: 2591292051-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • FindCloseChangeNotification.KERNELBASE(?), ref: 0266B748
            Memory Dump Source
            • Source File: 0000000D.00000002.401659695.000000000266A000.00000040.00000001.sdmp, Offset: 0266A000, based on PE: false
            Similarity
            • API ID: ChangeCloseFindNotification
            • String ID:
            • API String ID: 2591292051-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • PostMessageW.USER32(?,?,?,?), ref: 055910ED
            Memory Dump Source
            • Source File: 0000000D.00000002.406095963.0000000005590000.00000040.00000001.sdmp, Offset: 05590000, based on PE: false
            Similarity
            • API ID: MessagePost
            • String ID:
            • API String ID: 410705778-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 0000000D.00000002.401659695.000000000266A000.00000040.00000001.sdmp, Offset: 0266A000, based on PE: false
            Similarity
            • API ID: LongWindow
            • String ID:
            • API String ID: 1378638983-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • SetErrorMode.KERNELBASE(?), ref: 0266A32C
            Memory Dump Source
            • Source File: 0000000D.00000002.401659695.000000000266A000.00000040.00000001.sdmp, Offset: 0266A000, based on PE: false
            Similarity
            • API ID: ErrorMode
            • String ID:
            • API String ID: 2340568224-0
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 0000000D.00000002.401954776.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
            Similarity
            • API ID:
            • String ID: [!
            • API String ID: 0-1566835060
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 0000000D.00000002.401954776.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
            Similarity
            • API ID:
            • String ID: %
            • API String ID: 0-2567322570
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 0000000D.00000002.401954776.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
            Similarity
            • API ID:
            • String ID: '
            • API String ID: 0-1997036262
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 0000000D.00000002.401954776.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
            Similarity
            • API ID:
            • String ID: "
            • API String ID: 0-123907689
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 0000000D.00000002.401954776.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
            Similarity
            • API ID:
            • String ID: !
            • API String ID: 0-2657877971
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 0000000D.00000002.401954776.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
            Similarity
            • API ID:
            • String ID: [!
            • API String ID: 0-1566835060
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 0000000D.00000002.401954776.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID: 0-3916222277
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 0000000D.00000002.401954776.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
            Similarity
            • API ID:
            • String ID: (
            • API String ID: 0-3887548279
            • Opcode ID: 7672a45d11997d2702ffd0c96116c0a47d28373acd977459658c21a0a1516586
            • Instruction ID: d4ae631f63031ccd4aed55d74e588dbde3f37e30aee574ef3df1560da485a912
            • Opcode Fuzzy Hash: 7672a45d11997d2702ffd0c96116c0a47d28373acd977459658c21a0a1516586
            • Instruction Fuzzy Hash: 8401D239901228CFCF64DF58CD85BDCB7B1AB09308F1485DAE409A7650C7359AD6CF15
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 0000000D.00000002.401954776.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
            Similarity
            • API ID:
            • String ID: ,
            • API String ID: 0-3772416878
            • Opcode ID: b899a77d2fd764c973eb281107a02872f9f8c636d4a620d939f33a3929cad0ad
            • Instruction ID: aa891c5e43e9ecaa4c5cfdecdaf7ba32cf1b5227abe179c6978abe037e2d8f9d
            • Opcode Fuzzy Hash: b899a77d2fd764c973eb281107a02872f9f8c636d4a620d939f33a3929cad0ad
            • Instruction Fuzzy Hash: BCF0D438805128CBDF28AE24C9897D8B7B0AB0231AF0855D6D50AA3590D7745AC5CE19
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 0000000D.00000002.401954776.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
            Similarity
            • API ID:
            • String ID: "
            • API String ID: 0-123907689
            • Opcode ID: 1ddc90e6d44322d622087ef5f2493c36dc3c9c5d540abb0e9af66ccbfc6e094c
            • Instruction ID: 76c729a3541c377f7d1c204284968eb2667c9f473e1307b86ca6f9acae7fd112
            • Opcode Fuzzy Hash: 1ddc90e6d44322d622087ef5f2493c36dc3c9c5d540abb0e9af66ccbfc6e094c
            • Instruction Fuzzy Hash: 2EF0C27DD28218CFCB18CFA5F4986ACBBB0FB05309F18A555E012E3264DB349981CF00
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401954776.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 99f2402aecf20e74c029bdeb296afb46659b2902e3b51909b349ccbe06bfe210
            • Instruction ID: a183ae7ff5250ec89723e700828013783a67d25403530f26b27271e21a34e1d3
            • Opcode Fuzzy Hash: 99f2402aecf20e74c029bdeb296afb46659b2902e3b51909b349ccbe06bfe210
            • Instruction Fuzzy Hash: 8B819FB8D05218CFDF18EFE8D5446AEBBB2BF49704F24902AE819A7350DB355A41CF51
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401954776.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 4b38b48ca5fcb630d4a8741bfb33278366f0239fe47c89729fe5ba3ddafc81cf
            • Instruction ID: 9f3784ff6f19d9351b96ba9929adbc5ce4efeb3a9129b66c1ce52338d0719ee3
            • Opcode Fuzzy Hash: 4b38b48ca5fcb630d4a8741bfb33278366f0239fe47c89729fe5ba3ddafc81cf
            • Instruction Fuzzy Hash: 30819EB8D05208CFDF18DFE8D9846EDBBB2BF89304F24912AE819A7251DB355A41CF51
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401685239.0000000002672000.00000040.00000001.sdmp, Offset: 02672000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 96b3be1828f73ffe1578d8b74a84c246b5163203352363895728855c5c9a75d1
            • Instruction ID: 410a3f53e5e8cf657d6e3dc1ec196f103e630928ada8a7c3e82fe5b759045cf3
            • Opcode Fuzzy Hash: 96b3be1828f73ffe1578d8b74a84c246b5163203352363895728855c5c9a75d1
            • Instruction Fuzzy Hash: 3741A2B6509380AFD311CF15DC45A57FFE8EF85620F18C99EFD899B212D235A904CBA2
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401954776.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 6bee5f5b5f8c72396da28e4b2002b3cd5b8d87a8f65007b7da6d8f38a959b489
            • Instruction ID: 774e057c01d48753220bd4626a5b3893cbda04dc63449462e6ec2c8f5e6ba7a7
            • Opcode Fuzzy Hash: 6bee5f5b5f8c72396da28e4b2002b3cd5b8d87a8f65007b7da6d8f38a959b489
            • Instruction Fuzzy Hash: D9515D78E052299FDF10CFA8C880BEDBBB6BB49310F1594A9E519EB241D7749A85CF10
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401954776.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 6bc89a9d728421fa189a4846fda6fdfd3300325a77c7c4941fe9640f52d546c4
            • Instruction ID: 9d9f2dbbebca22b930cb788c62ec3e1d5ec66cd41e7f7ba8d1f6dd5d442260a4
            • Opcode Fuzzy Hash: 6bc89a9d728421fa189a4846fda6fdfd3300325a77c7c4941fe9640f52d546c4
            • Instruction Fuzzy Hash: DC519D78E05248CFCF54DFB8D488AADBBF1BB49304F245869E80AEB350E7359985CB10
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401954776.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: ec16c815629131d52d4063178522cdabcdd09fb1a3b3ceea2371442cf1b4e542
            • Instruction ID: 1d7485174bee867f3652409928d0a63dc753f1a76abe71a98a818d77036872b9
            • Opcode Fuzzy Hash: ec16c815629131d52d4063178522cdabcdd09fb1a3b3ceea2371442cf1b4e542
            • Instruction Fuzzy Hash: AA41B178D5A208CBCF14CFE5E588BEDBBF5AB09308F18A42AD009E7295D7749895CF04
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401954776.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: d3ff398f975f58ae39f9c51f5bf24191e3583c8bdfc858fbcd8dde3e5afa0837
            • Instruction ID: fbb6b4e0a2e3dd54003f2646f7c8a5acdfc70fcd27d1c55cfbc7779ec636651d
            • Opcode Fuzzy Hash: d3ff398f975f58ae39f9c51f5bf24191e3583c8bdfc858fbcd8dde3e5afa0837
            • Instruction Fuzzy Hash: 4051E534E01209DFCB08DFA8D5889ADF7B2FF89304F2485A9D819A7355DB30AA81CF44
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401954776.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 7edbde9e5fffaa7438c4758d2171b27e382c755385b2396759a3ec339f1c3b22
            • Instruction ID: f1c12979b2cc401cc37fb544455310332f55e50a7c4774904e025b58636e4cde
            • Opcode Fuzzy Hash: 7edbde9e5fffaa7438c4758d2171b27e382c755385b2396759a3ec339f1c3b22
            • Instruction Fuzzy Hash: B031D438F042598FCF11DBBD88546AEBBB2BF85700F2884AAD409EB351DB305D06CB61
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401954776.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 3b6c3853b0ea99a2112f1e7470d508dee20222bebf5a8b366a451eefd11c1482
            • Instruction ID: a934e51fccc6af85a7a34d0a261f640127bfcd6621c815c815cfbb6f905c8d1a
            • Opcode Fuzzy Hash: 3b6c3853b0ea99a2112f1e7470d508dee20222bebf5a8b366a451eefd11c1482
            • Instruction Fuzzy Hash: B141E634E01209DFCB04DFA8D5889ADF7B2FF89305F2485AAD819A7355D730AA85CF44
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401685239.0000000002672000.00000040.00000001.sdmp, Offset: 02672000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: a3277a54835a44411399efae790e88d39a97eee05b9398738af9c289ae074e01
            • Instruction ID: 42b07302578f1a71bc8bfabe65873413560553cd3a9f6c889c0b67d00c436430
            • Opcode Fuzzy Hash: a3277a54835a44411399efae790e88d39a97eee05b9398738af9c289ae074e01
            • Instruction Fuzzy Hash: B331B4B6508340AFD751CF19DC41A57FFE8EB89620F08C85EFD8997212D235A804CFA2
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401685239.0000000002672000.00000040.00000001.sdmp, Offset: 02672000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: a854945c1c561c309ca1bb3e71831ca955c0c9d34b0894b3f9e0bddf452637ec
            • Instruction ID: fbb0e4434f1913d685e4f5e6dee0af77a1d373c8c4ac9bb1d099ed766e08a9cf
            • Opcode Fuzzy Hash: a854945c1c561c309ca1bb3e71831ca955c0c9d34b0894b3f9e0bddf452637ec
            • Instruction Fuzzy Hash: 5421B5B65083407FD3118F55AC41D67FFACEB85630F08C86EFD499B212D176A8048BB2
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401685239.0000000002672000.00000040.00000001.sdmp, Offset: 02672000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 6fe44c8d0659273fcf63a888b33ddda21ee6d88213c52c3f8735e158489f4f4a
            • Instruction ID: 0e0e59cca687c4cceb7c012a0b40e6b61e0d4a58d9d0171f50f767a21efdd7fc
            • Opcode Fuzzy Hash: 6fe44c8d0659273fcf63a888b33ddda21ee6d88213c52c3f8735e158489f4f4a
            • Instruction Fuzzy Hash: 74213DB6544340BFD210CF4AEC41D67FBE8EB88660F14C92EFD4997211D275A9149BA2
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401685239.0000000002672000.00000040.00000001.sdmp, Offset: 02672000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 4f136d551c9dbe3a3235a51cd55eaae845675142375582e682a3bea3f9bae80f
            • Instruction ID: 0de678721406fc4e0ec0fcaf8ce1bc78065a1336136b46ba374b2beb4f529594
            • Opcode Fuzzy Hash: 4f136d551c9dbe3a3235a51cd55eaae845675142375582e682a3bea3f9bae80f
            • Instruction Fuzzy Hash: E5214FB6504340BFD310CF4AEC41D67FBE8EB88660F14C91EFD4997211D275A9149BA2
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401685239.0000000002672000.00000040.00000001.sdmp, Offset: 02672000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 2c2862222b52a8eab30989354a0fb4ecc36618c1d7e3cba6a5949e4505e51438
            • Instruction ID: 7df46763bf56e2b835a39d807b0b0cef3de27448a4f225c4dd1a6734931d8dc3
            • Opcode Fuzzy Hash: 2c2862222b52a8eab30989354a0fb4ecc36618c1d7e3cba6a5949e4505e51438
            • Instruction Fuzzy Hash: D93148B550E3C19FD302CF259850A56BFF4EF8A614F0888DEE8C8DB253D2759908CB62
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401685239.0000000002672000.00000040.00000001.sdmp, Offset: 02672000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f7d6ca9a0577f2eb00fe5644972bbdb4880bd597eba144f54e8ac2043cd2e211
            • Instruction ID: 8d2b188876eb04fc59fc50677da0e59c596c58b18c51847d04b3bb096d36159a
            • Opcode Fuzzy Hash: f7d6ca9a0577f2eb00fe5644972bbdb4880bd597eba144f54e8ac2043cd2e211
            • Instruction Fuzzy Hash: 2521D7B66042407FE3118F06AC41E63FFACEB85630F08C55EFD499B202D276A8148BB5
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401954776.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: a98058d41a7a74cc57d262a3badc5adb4fdf237958c6b32c74ede9400c2b7257
            • Instruction ID: 041e297667aece4df2e6cdda9948a299133bf4f17c72cab1b0fa8be6c74056b8
            • Opcode Fuzzy Hash: a98058d41a7a74cc57d262a3badc5adb4fdf237958c6b32c74ede9400c2b7257
            • Instruction Fuzzy Hash: B2316BBCC092498FCF01CFA4E5582EEBBF9AB09318F28549AC515E7282D3384A41CF61
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401685239.0000000002672000.00000040.00000001.sdmp, Offset: 02672000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: e7acd568b4eecee2e65af5ca6e99daf4ef86f5f173fe6f18395e0b495f0131d0
            • Instruction ID: 45f7f13f49944d1af1d14dc7a013ca8c313cc87b8c06ef11a9ec15d208bc7447
            • Opcode Fuzzy Hash: e7acd568b4eecee2e65af5ca6e99daf4ef86f5f173fe6f18395e0b495f0131d0
            • Instruction Fuzzy Hash: CF215EB6548340AFD350CF0AEC41A57FBE8EB88630F14C92EFD499B301D275A9148FA2
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401685239.0000000002672000.00000040.00000001.sdmp, Offset: 02672000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 3debf077b7c99f2cc6d5540afeddbed0f44d917afd15d84601d019ac924134b0
            • Instruction ID: 638acd085c15f06120883014b3bdefcd59fb0a8c844da80c4f9b65786046ff2e
            • Opcode Fuzzy Hash: 3debf077b7c99f2cc6d5540afeddbed0f44d917afd15d84601d019ac924134b0
            • Instruction Fuzzy Hash: 812150B6504300AFD350CF0AEC41A57FBE8EB88630F14C92EFD4997301D275A9148FA2
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401685239.0000000002672000.00000040.00000001.sdmp, Offset: 02672000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 73015cb603ebeb0687b0e324f2dfbe9b7b14614740adc5a5400e81b1cd199543
            • Instruction ID: 5d202f7d4c721b22ca9cf98e4112b6a7153d4d9d6d26739f87c78dc6fa951363
            • Opcode Fuzzy Hash: 73015cb603ebeb0687b0e324f2dfbe9b7b14614740adc5a5400e81b1cd199543
            • Instruction Fuzzy Hash: A5214CB6508300AFD250CF0AEC41A57FBE8EB88630F14C92EFD499B301D275A9148BA2
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401954776.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: b5141c2f22250b40f71030615a61b0f00effd3d17a9ed952d02656cb261336f2
            • Instruction ID: 98d41edae4c217c05c0f1015225eda525850c57cf9405790e4d1af4a9da8d69e
            • Opcode Fuzzy Hash: b5141c2f22250b40f71030615a61b0f00effd3d17a9ed952d02656cb261336f2
            • Instruction Fuzzy Hash: 7631B278D0822CCBCB64EF64D8897ECBBB1EB59305F14A4E6D449A3250DB715A85CF05
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401954776.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 8b5938c1838fc13adb9eadfdac87443c0a4230393c7e845b181ed693231d659b
            • Instruction ID: 27401673d7e1f8c19e8dda0b3c41c8ce6165ac06777c475df22de79235c9d9be
            • Opcode Fuzzy Hash: 8b5938c1838fc13adb9eadfdac87443c0a4230393c7e845b181ed693231d659b
            • Instruction Fuzzy Hash: C7212678C49209CFDF08DFA8E4483EDBBF0EB0931DF28459AD416A2290DB780A41CF55
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401685239.0000000002672000.00000040.00000001.sdmp, Offset: 02672000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 7d7e314c99479ddb930dc3c56b2f6cc7131a6d6a6a631920be80d16036325023
            • Instruction ID: 792144fe4ef48374687a7a8cca682035405a7abd2e01dc5b5e2c7d47de12f7a7
            • Opcode Fuzzy Hash: 7d7e314c99479ddb930dc3c56b2f6cc7131a6d6a6a631920be80d16036325023
            • Instruction Fuzzy Hash: E31193B6544200BFD6108F4AEC41D67FBECEB84630F18C96AFD499B311D276A5149BA2
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401685239.0000000002672000.00000040.00000001.sdmp, Offset: 02672000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 58fc1927059a23011e5b07478f57bd0a2795a422ce0c9950ca7d38199dfcb76f
            • Instruction ID: a199c76b9830e44ab3330e2edf99f3979d654b9bd4a8476917e2bcb1660b9827
            • Opcode Fuzzy Hash: 58fc1927059a23011e5b07478f57bd0a2795a422ce0c9950ca7d38199dfcb76f
            • Instruction Fuzzy Hash: C411E676504200BFD2108F0AEC41E67FBECEB84630F18C82EFD499B301D276B4149BA2
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401685239.0000000002672000.00000040.00000001.sdmp, Offset: 02672000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: ddec7d58ec303ec4b92ccf69f4c925fc384fea6493e2de933461fb1dfc2fdea1
            • Instruction ID: 561a8cf855732f2a5ab9cf7d2e06b5ae4020b207cc92707ead6c9b9bfe768c3b
            • Opcode Fuzzy Hash: ddec7d58ec303ec4b92ccf69f4c925fc384fea6493e2de933461fb1dfc2fdea1
            • Instruction Fuzzy Hash: FB215EB550D380AFD312CF25DC51956BFF4EF86620F0989DAF888DB253D235A908CB62
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401685239.0000000002672000.00000040.00000001.sdmp, Offset: 02672000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 241a5bf61135c18d859c1e2f0f07aa7cacbf9d1232cfec98dd262d5fa101aca2
            • Instruction ID: a9a8e0897f659019ae474e204fcbd663baba3f2ca103349047f6491932808f10
            • Opcode Fuzzy Hash: 241a5bf61135c18d859c1e2f0f07aa7cacbf9d1232cfec98dd262d5fa101aca2
            • Instruction Fuzzy Hash: 47110676604200BFE2108E4AEC41E62FB9CEB84630F08C46EFD095B201D176B8149BB5
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401954776.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 52e75b2f8a07b844d5499095cdd9566e14c24708b4e03fa01a7a1b8750040737
            • Instruction ID: efd9d2548af4fc63e0916f347853cda3b8b8965ea11755220f547953ba4736a7
            • Opcode Fuzzy Hash: 52e75b2f8a07b844d5499095cdd9566e14c24708b4e03fa01a7a1b8750040737
            • Instruction Fuzzy Hash: 0C31D478901249CFDB44DFA8D589B8CBBF1FB08319F1881A9E40AEB764DB749985CF11
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401763311.00000000026A0000.00000040.00000040.sdmp, Offset: 026A0000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: b8e3af9fe4110718c2a2cea061486607e80417f5db8cefb27b379223e9e7bf63
            • Instruction ID: 7072a96ad29c595efea7b3587fc601be15ed59e242030a1c2f770a9619e7d142
            • Opcode Fuzzy Hash: b8e3af9fe4110718c2a2cea061486607e80417f5db8cefb27b379223e9e7bf63
            • Instruction Fuzzy Hash: 0921273550D3C09FD7138B20D860B55BFB2AF57304F2985DAD8889B6A3C73A881ACF52
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401763311.00000000026A0000.00000040.00000040.sdmp, Offset: 026A0000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: ff20e53bd25569729a5cee55446819d08073d5232a05b60c761fb8d8317c9552
            • Instruction ID: 6a6ea0b9f3a4ff3249c5ded347fb543f22658c86307cccc79001ecd3ed3c4eec
            • Opcode Fuzzy Hash: ff20e53bd25569729a5cee55446819d08073d5232a05b60c761fb8d8317c9552
            • Instruction Fuzzy Hash: 7811B134204284DFD716CB64C994B26BBE5EB89B08F28C9ACE9491B753C77BD803CE51
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401954776.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c80587a57aad4ebe267c26fc2417e4c084f734b028a084bc73ee8ce8907b0406
            • Instruction ID: b822a5f9e104d454ea6267b6f76b3c1cf7219a281cb1ce657be3bb0903ef9387
            • Opcode Fuzzy Hash: c80587a57aad4ebe267c26fc2417e4c084f734b028a084bc73ee8ce8907b0406
            • Instruction Fuzzy Hash: CF21E37891531CCFCB14CF65E98979DBBB1FB09308F1851A9E41AE3260DB749984CF01
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401954776.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 3baa1e06b0bd894a5d31921577466a946f2bf12b7f486dcab12d78b7c65ec87b
            • Instruction ID: 13e742b32591a466a3d9e3f6f58110cb32c17bc3f6b03905824a330a6c97d546
            • Opcode Fuzzy Hash: 3baa1e06b0bd894a5d31921577466a946f2bf12b7f486dcab12d78b7c65ec87b
            • Instruction Fuzzy Hash: FA2117B9D0420A8FCF05CF94D581AEEBBB1FF48304F14815AD819A7251D7359A41DF50
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401685239.0000000002672000.00000040.00000001.sdmp, Offset: 02672000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c12f5edcabcbd5f5c9f4e9db6b71be757c6265e7d41a91d9c7af7c1659508ffa
            • Instruction ID: 72f0398b5723a8fc9d9580a60db8f54b47dbbab73df4b8d50803ce83aeffeb49
            • Opcode Fuzzy Hash: c12f5edcabcbd5f5c9f4e9db6b71be757c6265e7d41a91d9c7af7c1659508ffa
            • Instruction Fuzzy Hash: AB11D7B5908341AFD350CF19D981A5BFBE8FB88664F04892EF898D7311D275E9048FA2
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401954776.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 776f6f46d564b0e04f386db304e6114c8af6ad4c96236a95ac0e2b542cd8a582
            • Instruction ID: b649fadc656b700cf11beed267f40b52b52cccb47401bdb25220636f21f431e8
            • Opcode Fuzzy Hash: 776f6f46d564b0e04f386db304e6114c8af6ad4c96236a95ac0e2b542cd8a582
            • Instruction Fuzzy Hash: 4921AEB8E0420ACFCB08DF98D585AEEBBB5BF48304F148169D815AB750DB35AA40CF90
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401954776.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c6bad58a5b25a8f42e26aa44f72079cc24a7edb0c8c2d8836479c613c25479e7
            • Instruction ID: 528dcc42bbfff57356d558eba31bad31ce7bdb4766da4a2b8bfe639739eb814e
            • Opcode Fuzzy Hash: c6bad58a5b25a8f42e26aa44f72079cc24a7edb0c8c2d8836479c613c25479e7
            • Instruction Fuzzy Hash: 8001785154E3C0AFC7079BB8587AAAABF715F83108B1E05DFC0C5DB1A3C91A0A1AC362
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401954776.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: bec50b6591e8cee82a9731c1a24551d825dd090b3e111ca579ca95c3239ab664
            • Instruction ID: 248e166c00430028c9df240e897c4700c19ef7a6b5edd3fb0488ebdc9e31b828
            • Opcode Fuzzy Hash: bec50b6591e8cee82a9731c1a24551d825dd090b3e111ca579ca95c3239ab664
            • Instruction Fuzzy Hash: 6101D67480E3C89FCB02CB74C95129D7F70AF47204F6901DBC484DB293D6325A42C752
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401685239.0000000002672000.00000040.00000001.sdmp, Offset: 02672000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 8196dbad63190c08cb58874739a4b1d8104a267f201cb2f25882890bbda4665e
            • Instruction ID: a538fbfa9da55aa4a74caa9b45990bdf18c6fd2e8263e131c4211d0576238302
            • Opcode Fuzzy Hash: 8196dbad63190c08cb58874739a4b1d8104a267f201cb2f25882890bbda4665e
            • Instruction Fuzzy Hash: CB01D47640D3C06FE3134B655C55AA2BF78EF43620F0884CBE9C49F153D11A6919D7B2
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401763311.00000000026A0000.00000040.00000040.sdmp, Offset: 026A0000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: fff3f0f3d87578840fe1fc155fc5aa5f4f45aa0519264b04bfd4195ecdd43ec2
            • Instruction ID: 615da66511fbc4284a6112df9218b80b87d3635e20f9b4538f86319dd3527a8e
            • Opcode Fuzzy Hash: fff3f0f3d87578840fe1fc155fc5aa5f4f45aa0519264b04bfd4195ecdd43ec2
            • Instruction Fuzzy Hash: E901D67150D3C06FD7128F16AC44862FFB8EF86220709C4DFEC898B613D169A808CBB6
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401954776.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 1e9b50ff659d438d715ed0bb1e2a6c33b57d1f664a8319571885e5f5e1852f8c
            • Instruction ID: 455a16d2df178e0b0b4bde82d3ceea9f6f053b4a599aa618f435f7c7d0623153
            • Opcode Fuzzy Hash: 1e9b50ff659d438d715ed0bb1e2a6c33b57d1f664a8319571885e5f5e1852f8c
            • Instruction Fuzzy Hash: DB11D07890012CCFCF64EFA8C985BECBBB1AB49309F1440E9D40DAB690C7359A85CF15
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401954776.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 2aa3d36d85095df95436406418f880c0f2a489e9d4ac7b7fae7a72693d581de7
            • Instruction ID: d0ce0b713328cc391ad58b1b6399c2f36e2cfa80e45acddcb3a66e5a046eab82
            • Opcode Fuzzy Hash: 2aa3d36d85095df95436406418f880c0f2a489e9d4ac7b7fae7a72693d581de7
            • Instruction Fuzzy Hash: 48016934909284AFCB06DFA8C45499EBFB0FF46304F1881DAD844DB352C634A994CB92
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401954776.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: dda05f5a70f63fbac8c75ec319fa2eca5520fa2d78a6762181f633450c1f8f12
            • Instruction ID: c062e3d27bee26da074fdfde0f774d6d3b067117cfbe3d36a7f0d4cb7e1a0f1e
            • Opcode Fuzzy Hash: dda05f5a70f63fbac8c75ec319fa2eca5520fa2d78a6762181f633450c1f8f12
            • Instruction Fuzzy Hash: 2201163980426CCFCB28EF28C9893ECBBB1AB05315F1445EAC00AA7694CB345AC4CF19
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401954776.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 96ba1f89916913c46ee3e2f3b445ed91168678db4b8347b755a4bd5c42dac9a0
            • Instruction ID: fc136c95b97011e3ce2bb7f1ef2c883a044c60262933c06e3260975117eb42de
            • Opcode Fuzzy Hash: 96ba1f89916913c46ee3e2f3b445ed91168678db4b8347b755a4bd5c42dac9a0
            • Instruction Fuzzy Hash: F9F06DB8D042589FCB05DFB8C4886EEBBF0EF0A314F1484AAD808E7351E7344A16DB51
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401954776.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 900d93dcb51885ad0d2ff19c3e957626450f70b7bac55357cbde10d655423993
            • Instruction ID: 76dea91b73ccf25402f85f818d8be6116f43440039e8f941a6be983bf34074ef
            • Opcode Fuzzy Hash: 900d93dcb51885ad0d2ff19c3e957626450f70b7bac55357cbde10d655423993
            • Instruction Fuzzy Hash: B4F08CB4D05248AFCB02DFB4D8456AEBFB1EF46204F204499C880A7352C7714A14CB56
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401954776.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: a135191b1914d1e43383abd6b978f55c123c5a9b615754f5e5e9e0922dc9c1fb
            • Instruction ID: 374eceb2609b86e90e34cb94e28cba168f80f5f7f8cd748ff2816e8b1e24ff7f
            • Opcode Fuzzy Hash: a135191b1914d1e43383abd6b978f55c123c5a9b615754f5e5e9e0922dc9c1fb
            • Instruction Fuzzy Hash: 7DF0E2348063849FCB0ADF74E8A45DCBF70EF07310F0491D6C8459B282C73009A9CB51
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401763311.00000000026A0000.00000040.00000040.sdmp, Offset: 026A0000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 8d74a29df55c69f98ab7c4b2aae8ba2665a8ebae01658a76b7ab1be4c5fff073
            • Instruction ID: c83f37ff5ec60ded2251e71b4f561b27b83d9722518c09c1e640b56712ae95db
            • Opcode Fuzzy Hash: 8d74a29df55c69f98ab7c4b2aae8ba2665a8ebae01658a76b7ab1be4c5fff073
            • Instruction Fuzzy Hash: 73F01D35108644DFC716CF40D980B15FBA2EB89718F24C6ADE9490B752C337D813DE81
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401954776.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f649f95f1f3f6768e6563dcfd2933c9697ec15adba86e12172de957387e735b9
            • Instruction ID: 26476e73289189fb45711fde8863e4ec84b3c8a0ebf09ce0f85371f8f3d4acf0
            • Opcode Fuzzy Hash: f649f95f1f3f6768e6563dcfd2933c9697ec15adba86e12172de957387e735b9
            • Instruction Fuzzy Hash: 43F03A79804108ABCF40DF94D886A9DBBB1EB48304F2480A9E81993351C7329A52DB81
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401954776.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: cac4faba43d920f0b32af0f91683dd573582db7b98f32d3beb17db297c9a92f1
            • Instruction ID: b8cafa70e83c340e8e446c7d5d663df8cd9bfb3d677ac58f602e0290aefc4f45
            • Opcode Fuzzy Hash: cac4faba43d920f0b32af0f91683dd573582db7b98f32d3beb17db297c9a92f1
            • Instruction Fuzzy Hash: 5EF08234C08308DFCB04DFA4E58A9DDBF74FF4A305F2491AAD44993265CB355945CB45
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401954776.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 86100ab8d9115d9beb65c0f056b669bf1e0fe49e0c7650f190003b54f686a007
            • Instruction ID: 813322efc36fba80b9143035b26c156ca43a6191cfb6da924f6b2eb466634d0d
            • Opcode Fuzzy Hash: 86100ab8d9115d9beb65c0f056b669bf1e0fe49e0c7650f190003b54f686a007
            • Instruction Fuzzy Hash: 37F0E538C14108EFCB40DF94C4867ADBFB4EB48304F1880BADC8893342C7329A42DB85
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401954776.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 3e0b91ce1ce86be2c4457e5be0e0b583a2f185bc53c351e89978764eba0fcd62
            • Instruction ID: eaece1dc09c0c28693db909a12df1b883dc983bb4ab7ee16b7d010a1e59e8594
            • Opcode Fuzzy Hash: 3e0b91ce1ce86be2c4457e5be0e0b583a2f185bc53c351e89978764eba0fcd62
            • Instruction Fuzzy Hash: 6CF0DA79C29219CFCB18CFA2E1593FEBEB0EB0530AF04502AE055A31A1D7780284CF50
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401954776.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 733c74e1a967566274815c4470e890cf4e6473489dd9e62adbc0ba51f6582207
            • Instruction ID: 64e76a8c7669328897cab34f719fdf7c4c4a31bd18ad19291abdf9c0e313063b
            • Opcode Fuzzy Hash: 733c74e1a967566274815c4470e890cf4e6473489dd9e62adbc0ba51f6582207
            • Instruction Fuzzy Hash: 3FF0A73C64D2D94FCB16CFB89A5046C7FB0AA46108B2841DBDC8CCB393C6275916C742
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401954776.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 1e6a632004b0c23fbc423b5961557180781f31c1951229701bc2a64e66ef4577
            • Instruction ID: 27478c6820c744ea85fae7a26a9c2a092574fb8f1bf2b9417b600392f97dcdb1
            • Opcode Fuzzy Hash: 1e6a632004b0c23fbc423b5961557180781f31c1951229701bc2a64e66ef4577
            • Instruction Fuzzy Hash: E1F03A78D00208EFCB04EFA8D14499EBBB1FF44304F148599E804A7350C730AA90CB96
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401763311.00000000026A0000.00000040.00000040.sdmp, Offset: 026A0000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 60e210395b01d943f6f6d938534d2a26295971dd3756f5ce433864743609a725
            • Instruction ID: 67e30a8b9fb4dd2fc5c6d1e05bd695fd8798c64e2f27903a8c58affc32479de2
            • Opcode Fuzzy Hash: 60e210395b01d943f6f6d938534d2a26295971dd3756f5ce433864743609a725
            • Instruction Fuzzy Hash: 9CE092766446004BD650CF0AED45452F7D8EB84630718C07FDC4D8B700E579B504CFA6
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401954776.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: ef6139f29bccae3221a158c333f27ebe5c43878df51c1d3805bad20f4200e118
            • Instruction ID: 5dc2864c7d8c30b6e126c4373ca947ce9872804b122ee2404a7fd6c75919b197
            • Opcode Fuzzy Hash: ef6139f29bccae3221a158c333f27ebe5c43878df51c1d3805bad20f4200e118
            • Instruction Fuzzy Hash: 17E0D8395D91888BCB01CAB89AA17DC7F60EB02008FA815DDCCC993353D52356178287
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401954776.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f032a7af49a2f50e9039521fbbd7fc4e48dbf3bcaa8cf971381af0efa57f04a4
            • Instruction ID: 662605f9dfc70d7d8f224e3afcdd20c1127f219b0eb158672dffb74bcd4c15e1
            • Opcode Fuzzy Hash: f032a7af49a2f50e9039521fbbd7fc4e48dbf3bcaa8cf971381af0efa57f04a4
            • Instruction Fuzzy Hash: 46F0F8B8D00208AFCB04EFE5D549AAEBBB1FB44308F205598C84467750D7759E54DF65
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401954776.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 50e1c49eb26b5b09982cf9e8cab139719a9e55daf435a2e1ce5a4beacce6c40f
            • Instruction ID: bd57902382079711cc38f72e01b04090caa9eaa06277599bababfb56739b4198
            • Opcode Fuzzy Hash: 50e1c49eb26b5b09982cf9e8cab139719a9e55daf435a2e1ce5a4beacce6c40f
            • Instruction Fuzzy Hash: A1E0ED78D15108EBCB44DB98D48679DBBB4EB89308F1491AADC0997341DA32AA46CB85
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401954776.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 496aba37aa28ba49b4517a6b33e7cff485be8758b71a780a6adbee1417a35c3c
            • Instruction ID: b788759d00f6d89252577aa44af8655a9076c5d6ad93627a6dac7be01af1d1a5
            • Opcode Fuzzy Hash: 496aba37aa28ba49b4517a6b33e7cff485be8758b71a780a6adbee1417a35c3c
            • Instruction Fuzzy Hash: B3F0977DD18258DFDF18DFA5E45979CBBB0FB05309F04A515E016A6254CB754544CF01
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401954776.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: fcc045fe7f89a0e1a230874262797962b187876a10655a45af63dad172a49d28
            • Instruction ID: e8d072b9053a6422430ea96461b1f5d82ffe327b94d58e87b5a0e73e98e52a9a
            • Opcode Fuzzy Hash: fcc045fe7f89a0e1a230874262797962b187876a10655a45af63dad172a49d28
            • Instruction Fuzzy Hash: C5F0C074D05208EBDB04EFA9D5519AEFBB5EF45300F1091AEC81463340D7355A51DF95
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401954776.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 71f903dfd837ae2615f4c2db40f2071a0f3cfa3cb8823ff2e162f0708d7e66ac
            • Instruction ID: 1f35be11083ae63a2567d7e50f6bdc128738cb501653d9a1f416ae1c813c3760
            • Opcode Fuzzy Hash: 71f903dfd837ae2615f4c2db40f2071a0f3cfa3cb8823ff2e162f0708d7e66ac
            • Instruction Fuzzy Hash: 27F030B9808218ABCB44DF98D4427EDFFB5EF88304F1881AAD84497351DB36AB51DB85
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401954776.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c5c6ca69770396a7e4aadd1ceb6f97cf6cf61c9fe137ca1e8cb4589b6fde3fac
            • Instruction ID: 79f72e16e50572cd5294b093a18888a2e829c5ef82a1bf8d942f5953ce3e82ca
            • Opcode Fuzzy Hash: c5c6ca69770396a7e4aadd1ceb6f97cf6cf61c9fe137ca1e8cb4589b6fde3fac
            • Instruction Fuzzy Hash: D8015F78D04218CFDF64DFA9E48479CBBB2EB09304F1490AAE52AE3250DB345984CF12
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401685239.0000000002672000.00000040.00000001.sdmp, Offset: 02672000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 84b22f71cf292803275a835b27caa14bbb35960e0c129c6cf2f1781f39ebac0c
            • Instruction ID: 36495854c7c665cdb0c0e8d99e510b6a2b5adb20fa7783d3f9567cf69acacbcb
            • Opcode Fuzzy Hash: 84b22f71cf292803275a835b27caa14bbb35960e0c129c6cf2f1781f39ebac0c
            • Instruction Fuzzy Hash: 91E020B65413006BD2508F06EC46B22FB9CEB44930F44C457FD085F702E0B5B5048EF6
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401685239.0000000002672000.00000040.00000001.sdmp, Offset: 02672000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: db27f3a96e4c11938757d913488b3eb43f32967249a2d5d566c81c727fccba94
            • Instruction ID: 44be0b171f9464f1af86d1ff58f1f8d0e29827f2891a92490df130858b7d2126
            • Opcode Fuzzy Hash: db27f3a96e4c11938757d913488b3eb43f32967249a2d5d566c81c727fccba94
            • Instruction Fuzzy Hash: 79E0D87654130067D2509E069C46B23FB9CEB40A30F04C457ED085B702E0B5B5148AF5
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401685239.0000000002672000.00000040.00000001.sdmp, Offset: 02672000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 01599b4cefb58064708b561baf968ae167e993d529ff6c38dd6422b03c7d01de
            • Instruction ID: 6481eaa206d2df325b007c76622f38d8b31b0962cc36a02ed3416d064efda6e0
            • Opcode Fuzzy Hash: 01599b4cefb58064708b561baf968ae167e993d529ff6c38dd6422b03c7d01de
            • Instruction Fuzzy Hash: 41E0D8B654120067D2508F06AC46F22FB5CEB40A30F04C45BED085B302E0B5B5048AF5
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401685239.0000000002672000.00000040.00000001.sdmp, Offset: 02672000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: ea397371ca6272e141e120402eb70aba565ca34df71a7023b47199274b715ad1
            • Instruction ID: 0e8a83efa40a2c7894074774eb6379e95c44b2a222fcd961b59c6c0e4a308c71
            • Opcode Fuzzy Hash: ea397371ca6272e141e120402eb70aba565ca34df71a7023b47199274b715ad1
            • Instruction Fuzzy Hash: B2E0D87554120067D2508E069C46B22FB5CEB40930F44C45BED085B302E0B6B5148AE5
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401685239.0000000002672000.00000040.00000001.sdmp, Offset: 02672000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: fb302e5e8666300a8e74207001e76abfeaf5cb9b43d5c362762073a903d6d1cd
            • Instruction ID: 7f3715c705903ab80987ada6b61cf00ed3ff1422b6ef4cf5615f2bd114173c93
            • Opcode Fuzzy Hash: fb302e5e8666300a8e74207001e76abfeaf5cb9b43d5c362762073a903d6d1cd
            • Instruction Fuzzy Hash: E6E0D87654120067D2609F06DC46F23FB5CEB40A30F04C45BED085B302E1B5B5048AF6
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401685239.0000000002672000.00000040.00000001.sdmp, Offset: 02672000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 33b76d90f34a7c2d16baa890bf43e2d375cbf35ba36022311b26bd07c0499f4d
            • Instruction ID: 0585109e751005554953f2fb225bcdbf7e3cd59f53f28286bbc7a21a13835f37
            • Opcode Fuzzy Hash: 33b76d90f34a7c2d16baa890bf43e2d375cbf35ba36022311b26bd07c0499f4d
            • Instruction Fuzzy Hash: CFE0D8B654124067D2508F069C4AF22FB5CEB50A30F04C46BED085B302E0B5B5048AF5
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401685239.0000000002672000.00000040.00000001.sdmp, Offset: 02672000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 4e27c89cefc0b87b3028a9314a5e7176217f623d03ff47362210a67e8dd40e8c
            • Instruction ID: fb2bfaee5fa66fb34acaf7de05457782c894694078d6802a185c70ee62de9aaf
            • Opcode Fuzzy Hash: 4e27c89cefc0b87b3028a9314a5e7176217f623d03ff47362210a67e8dd40e8c
            • Instruction Fuzzy Hash: B3E0D87554120467D2608E069C46B22FB5CEB40930F44C457ED085B302E0B9B5048AE6
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401954776.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 5ad6eec33343ea7dc6cbc4a25aad99cc90a061717b5ec7b626db0a3e202720be
            • Instruction ID: c9d1efb5326cc3b5ae728e96809e41360de003cbb048b2ddf8ceef4d4325156f
            • Opcode Fuzzy Hash: 5ad6eec33343ea7dc6cbc4a25aad99cc90a061717b5ec7b626db0a3e202720be
            • Instruction Fuzzy Hash: C4E0263881420CEBCF45DE54D88B7EC7F78EB04201F14005AE805E3351E7319910CA49
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401954776.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 8763a8993eb1d99e823083df413a5ddf2860f1a237c4a8b58561a71edc0d92e1
            • Instruction ID: a218e203aa5fd8b575e087a2f5933f73c164e360e1d3908af4c74a353b24e06c
            • Opcode Fuzzy Hash: 8763a8993eb1d99e823083df413a5ddf2860f1a237c4a8b58561a71edc0d92e1
            • Instruction Fuzzy Hash: 19F0E2B890420ACFCB15DF28E685ADC7BB1FB59308F504498E089D7A59CFB49A818F04
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401954776.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 7fc0c5e58f9297d4196be7677f80c5df44da18ba338fba1546104ece35041214
            • Instruction ID: 05015ac8893113e081f5f2e87c8c41bbbecd8a6dccf80817a798541dd3905b9c
            • Opcode Fuzzy Hash: 7fc0c5e58f9297d4196be7677f80c5df44da18ba338fba1546104ece35041214
            • Instruction Fuzzy Hash: C2E06D38804208ABCB04DBA4D4867ECBBB4EB04309F2441B9DC4992750E6759A40CF46
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401954776.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: b0bf895ecaaef2eda52b918beaf7a59239482a229065711f2ba8b7f000266e4a
            • Instruction ID: 4e6a3ebaa5d70dca84a1eff7d6f60c63411ca3570632e87a6fd988cb8785bb7f
            • Opcode Fuzzy Hash: b0bf895ecaaef2eda52b918beaf7a59239482a229065711f2ba8b7f000266e4a
            • Instruction Fuzzy Hash: B5F06534D0D2489FCB05DFA4D4465EDBF74EB09204F1440DAD84993262C6315A44CB8A
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401954776.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 4e342e7049dc33714f158430ee585644b6ef89c023f43908b7a1bc2077ff94d7
            • Instruction ID: c211cc19f21e44159561991e761c6bae79092f0c07318fae2382a966b09dd411
            • Opcode Fuzzy Hash: 4e342e7049dc33714f158430ee585644b6ef89c023f43908b7a1bc2077ff94d7
            • Instruction Fuzzy Hash: EFE086358991089BCB04DE98D88B7DD7B74F70530AF282169D84963651DB315545CA8A
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401954776.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 0b13cb1e417b8db42a70d6aa681b036bd7e994e4ad6b284d428d816c9564e3ea
            • Instruction ID: 4b7291e4370332eddcf94a1a6695e0e1fc822f750fe0c1804d14f92e75ff33d2
            • Opcode Fuzzy Hash: 0b13cb1e417b8db42a70d6aa681b036bd7e994e4ad6b284d428d816c9564e3ea
            • Instruction Fuzzy Hash: E6F0153890420CEFCF04DF98D885AADBFB5FB48304F24809AEC1993351C7329A61EB81
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401954776.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9b72034f4cf902b62414a2944465ddc51dbd7fb7580391fdeb9637f157543dfd
            • Instruction ID: 65a7e7192a583ebbbeff594f4429f2649e633df7bcd14708d365fdf836f62aaf
            • Opcode Fuzzy Hash: 9b72034f4cf902b62414a2944465ddc51dbd7fb7580391fdeb9637f157543dfd
            • Instruction Fuzzy Hash: A4E07DB4C4620CABCB00DAA4C8C33DD7F74FB47304F641165C84523300D631A642C599
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401954776.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f458058519eabc391384e87a0731584cce9bce63190a6b7255f3b3eefbf04a62
            • Instruction ID: 443eab624e55dbd9b9f550f1c2ddbe678dbd988bfac1d08a8ba582de0696f047
            • Opcode Fuzzy Hash: f458058519eabc391384e87a0731584cce9bce63190a6b7255f3b3eefbf04a62
            • Instruction Fuzzy Hash: B3E04F78C41208EBCB08EFA4E8995ADBB75EB46311F10A469DC0423740CB305AA4DB95
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401954776.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 0550ae9f2efa857221094a59538634d19befdabda6add5b5f1e6905c0647fefd
            • Instruction ID: 804140cb1d0e0d6ac3158c7fb4cbf51c2570bd27193665827d4f70b51e8dcf22
            • Opcode Fuzzy Hash: 0550ae9f2efa857221094a59538634d19befdabda6add5b5f1e6905c0647fefd
            • Instruction Fuzzy Hash: D4E0CD75D1510897CB44DAA4E4C73EEBB74EB0420CF342195DC4893741E6319D41CB95
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401954776.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: eedffc3f9f8c08a1bc7ffdadba63f8f49d32cc8d010b554bea7580a75b2d54e9
            • Instruction ID: f66e114a48d795bda19175547b23f7bf01281905e81497641ac07705623d22f0
            • Opcode Fuzzy Hash: eedffc3f9f8c08a1bc7ffdadba63f8f49d32cc8d010b554bea7580a75b2d54e9
            • Instruction Fuzzy Hash: 50E0CD35855108B7CF40DA6CC88B7DD7BB4EB04308F6C1069C84853742E7366E41C697
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401954776.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9b6d55239123bb3c1955fe23b762eff92e21a6ce3fa97c6cc379dc03768f3483
            • Instruction ID: 4e4733404ca4197daaedd3c10abce8106ed3c8a15dbe9facadbec6ac27979721
            • Opcode Fuzzy Hash: 9b6d55239123bb3c1955fe23b762eff92e21a6ce3fa97c6cc379dc03768f3483
            • Instruction Fuzzy Hash: E2E02678C09208DBCB04EFA4D8866EE7F34EB46305F1411A5D808A3212DB355A56CA59
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401954776.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 34fdcb724bcfbf9bfef49fc8227ae59c05bb8cdc143a7209cd1932dda5722b7a
            • Instruction ID: 4dc55a1c17f1f7b1cd5216e11bde0699b8b50c00abc0a888617d7cb585f147d0
            • Opcode Fuzzy Hash: 34fdcb724bcfbf9bfef49fc8227ae59c05bb8cdc143a7209cd1932dda5722b7a
            • Instruction Fuzzy Hash: 5CD095758171089BC744DD54C8C77EB3F2CD747214F78285ED40853313D672A500C445
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401954776.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 7cf9a7805ec9d77bfc0803133b69e7bed6fadeca64c38b01ba32ceac5ada28d3
            • Instruction ID: 2ee0bf805e70a06a489395ea17b81c9d3bb9612870815b76626643c426e61b6a
            • Opcode Fuzzy Hash: 7cf9a7805ec9d77bfc0803133b69e7bed6fadeca64c38b01ba32ceac5ada28d3
            • Instruction Fuzzy Hash: B7E0863485D308EFCB04DBA4E45B5EA7FB8AF06109F18519AD40DD3562D7765840C656
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401954776.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 535e218dc55ac57fd1a9908c359e935dfe8d39b8d44f99cb9d06dec215dd6bc0
            • Instruction ID: f46ce1c1d5ce87d558b34c4f24601e392e0ad8400eb209c0ee58e2bd90613ab3
            • Opcode Fuzzy Hash: 535e218dc55ac57fd1a9908c359e935dfe8d39b8d44f99cb9d06dec215dd6bc0
            • Instruction Fuzzy Hash: 50D02B34016208D7CB58CAA0C4877EB3728DB42308F24116EE40852200DB738940C296
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401954776.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: ca18dafcafc3cbf27fea1328846ab45980155109f934dff37d6ffe7ee6eb55aa
            • Instruction ID: 32af7892488dbb10f140cfc19e9d38346ead17a4f6c87ce803c5ce2a08c95f61
            • Opcode Fuzzy Hash: ca18dafcafc3cbf27fea1328846ab45980155109f934dff37d6ffe7ee6eb55aa
            • Instruction Fuzzy Hash: 59E01278D04108EFCB44DF94D5416ACFFB5EB48304F18C1AADC4853741C7769A51DB55
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401954776.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 3f83cbaf2f118c72859ead8d64e166410fc5d72190cbea07983b22d6a2858e70
            • Instruction ID: 0ba6aa15c3af081553b31d5bbe439c66f8bf6ab711b5dd86ea9f1759839611cd
            • Opcode Fuzzy Hash: 3f83cbaf2f118c72859ead8d64e166410fc5d72190cbea07983b22d6a2858e70
            • Instruction Fuzzy Hash: 91E0C234819108DBDB48EA58E887BEA7B6CEB0620DF241068E40993260CF319815C646
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401954776.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: ca18dafcafc3cbf27fea1328846ab45980155109f934dff37d6ffe7ee6eb55aa
            • Instruction ID: 80cfaae49d73df85773e0e19a1a0d8fa397b58380d4fdccdf108431d672d3b91
            • Opcode Fuzzy Hash: ca18dafcafc3cbf27fea1328846ab45980155109f934dff37d6ffe7ee6eb55aa
            • Instruction Fuzzy Hash: A8E0ED78904108ABCB48DF94D4415ACBFB5AB88305F1881AADC4853341C6369A51DF55
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401954776.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f91368d954b100e597d8cde6ac3d14564f366d57f04a9894339997a723059384
            • Instruction ID: 9d13a81d9fae7d0b201fce5b76a07a07aecc28d29cf29a46e4e29f8a3dd38932
            • Opcode Fuzzy Hash: f91368d954b100e597d8cde6ac3d14564f366d57f04a9894339997a723059384
            • Instruction Fuzzy Hash: F2E0BF78D05108EFCB44DF98D5856ACFBB5EB89304F24C1AADC1897341D772AA41DB45
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401954776.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 60408b92ee6961558108232dfeb931a406980c4413d4aa39327b6789a709c46f
            • Instruction ID: 5ca93cbd602ef7e6c2c9c390301c360e6054523be1b4f7573626369b392b32a7
            • Opcode Fuzzy Hash: 60408b92ee6961558108232dfeb931a406980c4413d4aa39327b6789a709c46f
            • Instruction Fuzzy Hash: 4DE04638D08208EFCF04DFA8E0856ACBFB8AB48309F2481E9E80893751DA755A40DF41
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 0000000D.00000002.401954776.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 3427cab3d90ef292d00c0101bdd42e4a9797058b97e08c0a56d95543ddafd11e
            • Instruction ID: a58050c396646cd13585943b052060bb5131c40b68e43248010ea67609bae824
            • Opcode Fuzzy Hash: 3427cab3d90ef292d00c0101bdd42e4a9797058b97e08c0a56d95543ddafd11e
            • Instruction Fuzzy Hash: E8E08C38C0920CEBCF04DFA8D0865ACBFB8EB48308F1081AAD809A3320CB311A44CF85
            Uniqueness

            Uniqueness Score: -1.00%

            Non-executed Functions

            Executed Functions

            Strings
            Memory Dump Source
            • Source File: 00000011.00000002.414971262.0000000005450000.00000040.00000001.sdmp, Offset: 05450000, based on PE: false
            Similarity
            • API ID:
            • String ID: X1q$X1q$X1q$X1q
            • API String ID: 0-1201878573
            • Opcode ID: 80d9942dab2645a5f228df6eb1ae0bbade8f1363c2256211367e5be0e61cf1d9
            • Instruction ID: d61f0dd291f900940631cc2ede604abefaebe7e7f9ffbb97ec96a094d5ff0aa9
            • Opcode Fuzzy Hash: 80d9942dab2645a5f228df6eb1ae0bbade8f1363c2256211367e5be0e61cf1d9
            • Instruction Fuzzy Hash: 9051A335B00145DFCB14DBA8D89CAAEB7B7FF84314F2485A6D85AAB255DB319C02C781
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 00000011.00000002.414971262.0000000005450000.00000040.00000001.sdmp, Offset: 05450000, based on PE: false
            Similarity
            • API ID:
            • String ID: Z;q^$Y;q^
            • API String ID: 0-2622247731
            • Opcode ID: 5b0171d535176854e3df0d55a93c119dbdfe2632e785b5bbac826382a58619da
            • Instruction ID: be1f1b523ef6412246172ed40bc947494f9f7cd89e269519166e04da4b3d13b4
            • Opcode Fuzzy Hash: 5b0171d535176854e3df0d55a93c119dbdfe2632e785b5bbac826382a58619da
            • Instruction Fuzzy Hash: D4417C346002468BE735AB34E91D5AE3BAAFF81716B15447AF807CB2A9DF744C068B91
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 00000011.00000002.414971262.0000000005450000.00000040.00000001.sdmp, Offset: 05450000, based on PE: false
            Similarity
            • API ID:
            • String ID: $gq
            • API String ID: 0-815412418
            • Opcode ID: 48ce9cfa7c4e8a088a4fd8f8fc03132d5b95944d26204adae6663c428fb1e40c
            • Instruction ID: f64f6f488508d5c1bf9057f7742f92c58d815e793174a3f6af3ed6ec2cce0614
            • Opcode Fuzzy Hash: 48ce9cfa7c4e8a088a4fd8f8fc03132d5b95944d26204adae6663c428fb1e40c
            • Instruction Fuzzy Hash: A7221434A00615CFCB24DF24C594AAABBF2FF88310F14C99AE85A9B756DB34AD45CF50
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • CreateMutexW.KERNELBASE(?,?), ref: 0558019D
            Memory Dump Source
            • Source File: 00000011.00000002.415150441.0000000005580000.00000040.00000001.sdmp, Offset: 05580000, based on PE: false
            Similarity
            • API ID: CreateMutex
            • String ID:
            • API String ID: 1964310414-0
            • Opcode ID: 93ac7726c2214e2a7fc2d0f6313e6be16c3ab0a8b0125971dd160a4ad62926bb
            • Instruction ID: ef26fec8b2e3e580899274b2ed8469dc7fa94057b8b0f5ae8c937ee8691be207
            • Opcode Fuzzy Hash: 93ac7726c2214e2a7fc2d0f6313e6be16c3ab0a8b0125971dd160a4ad62926bb
            • Instruction Fuzzy Hash: 6331D4715093849FD712CF64DC49B65BFA4FF46220F0880EBDD859F6A3D275A908CB62
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 0136AAB1
            Memory Dump Source
            • Source File: 00000011.00000002.414519528.000000000136A000.00000040.00000001.sdmp, Offset: 0136A000, based on PE: false
            Similarity
            • API ID: Open
            • String ID:
            • API String ID: 71445658-0
            • Opcode ID: 81bfad20d89c49b1f8c5d102d875a2ee07b86b99b912075879b8cd8e81825610
            • Instruction ID: 375f18d3d3731041aed7d0d4bb830aad9847111de88c0feb5a6f8f9f41061140
            • Opcode Fuzzy Hash: 81bfad20d89c49b1f8c5d102d875a2ee07b86b99b912075879b8cd8e81825610
            • Instruction Fuzzy Hash: 6331C4714443846FE7228F29CD45F67BFACEF06310F08859AED809B152D264A909C771
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • CreateMutexW.KERNELBASE(?,?), ref: 0558019D
            Memory Dump Source
            • Source File: 00000011.00000002.415150441.0000000005580000.00000040.00000001.sdmp, Offset: 05580000, based on PE: false
            Similarity
            • API ID: CreateMutex
            • String ID:
            • API String ID: 1964310414-0
            • Opcode ID: 8515b640f23333ccac43c25be9b945b6d67f2a7833fc149081cc488af33a1331
            • Instruction ID: 2735b6edf6cc0c8b38ccf8b7219f1dd4fd8641942f3eb6b6b792470412f1c0fb
            • Opcode Fuzzy Hash: 8515b640f23333ccac43c25be9b945b6d67f2a7833fc149081cc488af33a1331
            • Instruction Fuzzy Hash: 6C3191715097806FE722DB25DD85F66FFE8FF06210F08849AE984DB2A3D375A908C761
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • RegQueryValueExW.KERNELBASE(?,00000E2C,B9749096,00000000,00000000,00000000,00000000), ref: 0136ABB4
            Memory Dump Source
            • Source File: 00000011.00000002.414519528.000000000136A000.00000040.00000001.sdmp, Offset: 0136A000, based on PE: false
            Similarity
            • API ID: QueryValue
            • String ID:
            • API String ID: 3660427363-0
            • Opcode ID: 6ef897ee57766d7174c200b0ddb65bb210f225cece22955dc7ca5d883613cd84
            • Instruction ID: 962c8ad1b02fe4745c6a9fe04ee25792909479e1e792caede007e173fbfdd162
            • Opcode Fuzzy Hash: 6ef897ee57766d7174c200b0ddb65bb210f225cece22955dc7ca5d883613cd84
            • Instruction Fuzzy Hash: 2831B1711093806FE722CB25CC85FA2BFACEF06310F08889AE9859B253D264E548CB61
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • SetConsoleCtrlHandler.KERNELBASE(?,00000E2C,?,?), ref: 0136AFEA
            Memory Dump Source
            • Source File: 00000011.00000002.414519528.000000000136A000.00000040.00000001.sdmp, Offset: 0136A000, based on PE: false
            Similarity
            • API ID: ConsoleCtrlHandler
            • String ID:
            • API String ID: 1513847179-0
            • Opcode ID: e22573c3d271057ea4fa2851fcaf08342942e1fde3ab6ceb25966b39ce0b8fc6
            • Instruction ID: 2c8a5ccc2de68c3937bf2f75dacd11ef079471d162c2498e2b0ce1905704d1bd
            • Opcode Fuzzy Hash: e22573c3d271057ea4fa2851fcaf08342942e1fde3ab6ceb25966b39ce0b8fc6
            • Instruction Fuzzy Hash: 8521A17140E3C06FD3138B259C55B21BFB8EF87614F0A81DBE884CB5A3D129A919C7B2
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 0136AAB1
            Memory Dump Source
            • Source File: 00000011.00000002.414519528.000000000136A000.00000040.00000001.sdmp, Offset: 0136A000, based on PE: false
            Similarity
            • API ID: Open
            • String ID:
            • API String ID: 71445658-0
            • Opcode ID: d6c2c7298df11b7f98bf7b677f168fd02574b7b1e2784bccc818e73d9ddd5f04
            • Instruction ID: dab70241e80841639d914a39d5ccbe6bbd89d90d20db7781973d59ea44a00a92
            • Opcode Fuzzy Hash: d6c2c7298df11b7f98bf7b677f168fd02574b7b1e2784bccc818e73d9ddd5f04
            • Instruction Fuzzy Hash: A2219272500244AFF7229E19CE85F6AFBECEF04710F14C55AED45AB642D664E5088BB1
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • CreateMutexW.KERNELBASE(?,?), ref: 0558019D
            Memory Dump Source
            • Source File: 00000011.00000002.415150441.0000000005580000.00000040.00000001.sdmp, Offset: 05580000, based on PE: false
            Similarity
            • API ID: CreateMutex
            • String ID:
            • API String ID: 1964310414-0
            • Opcode ID: 9834e9be2e02b0bd4846681e98bfe9423b2b106f320053f97b28e8388fa39218
            • Instruction ID: aec5c3669c939302b7806c7e88aabe17858746c4a219bebcd50f4e0221cbbe01
            • Opcode Fuzzy Hash: 9834e9be2e02b0bd4846681e98bfe9423b2b106f320053f97b28e8388fa39218
            • Instruction Fuzzy Hash: FF21B071504240AFE721DF29CD89B6AFBE8FF05320F04846AED859B292D371F508CA61
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • RegQueryValueExW.KERNELBASE(?,00000E2C,B9749096,00000000,00000000,00000000,00000000), ref: 0136ABB4
            Memory Dump Source
            • Source File: 00000011.00000002.414519528.000000000136A000.00000040.00000001.sdmp, Offset: 0136A000, based on PE: false
            Similarity
            • API ID: QueryValue
            • String ID:
            • API String ID: 3660427363-0
            • Opcode ID: 53a58c07f12fdfba0c39ad0752ab2b8374fb47bad9ef7107917475a977e89c3b
            • Instruction ID: cb3beae44ca38b1251e78371b1bd5a6b715db75ce530f726afbd2cc73f095574
            • Opcode Fuzzy Hash: 53a58c07f12fdfba0c39ad0752ab2b8374fb47bad9ef7107917475a977e89c3b
            • Instruction Fuzzy Hash: 7E218C71600204AFE722CE29CD85F66FBECEF05711F04C8AAED45AB656D260E408CBB1
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0136A58A
            Memory Dump Source
            • Source File: 00000011.00000002.414519528.000000000136A000.00000040.00000001.sdmp, Offset: 0136A000, based on PE: false
            Similarity
            • API ID: DuplicateHandle
            • String ID:
            • API String ID: 3793708945-0
            • Opcode ID: 08aff9b0b8f3473067c2925b6240ddde12c3a446c5777cbf1792a1e1ebcd6b07
            • Instruction ID: adfbf1a21a4a76a56d175ecf132dd255f7084b794a4e0da619ace6b0ffc5bbcd
            • Opcode Fuzzy Hash: 08aff9b0b8f3473067c2925b6240ddde12c3a446c5777cbf1792a1e1ebcd6b07
            • Instruction Fuzzy Hash: 2B117271409380AFDB228F55DC44A62FFF8EF4A220F08859EEE858B563C375A418DB61
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • PostMessageW.USER32(?,?,?,?), ref: 0136B841
            Memory Dump Source
            • Source File: 00000011.00000002.414519528.000000000136A000.00000040.00000001.sdmp, Offset: 0136A000, based on PE: false
            Similarity
            • API ID: MessagePost
            • String ID:
            • API String ID: 410705778-0
            • Opcode ID: 9d443e3166707566a5ce05789d1fc1d1fdcb7bccc3e0447ba7a3b7f166937708
            • Instruction ID: 940b6853613682d54eb2d7bbf8ef3c133d3a69157cdc4c3382379faeb25c94eb
            • Opcode Fuzzy Hash: 9d443e3166707566a5ce05789d1fc1d1fdcb7bccc3e0447ba7a3b7f166937708
            • Instruction Fuzzy Hash: FB219D714093C09FDB238B25DC50A92BFB4AF17224F0984DAE9C44F163D265A958CB62
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • PostMessageW.USER32(?,?,?,?), ref: 0136BBB9
            Memory Dump Source
            • Source File: 00000011.00000002.414519528.000000000136A000.00000040.00000001.sdmp, Offset: 0136A000, based on PE: false
            Similarity
            • API ID: MessagePost
            • String ID:
            • API String ID: 410705778-0
            • Opcode ID: a7cbae121ba20e4ec99686b73b521fe86150a657ca4335c23d7e454e556ebb4c
            • Instruction ID: c9141c40c0a1404fb14288f056eb654e8f6f0e9cfda7a6b9b619ec296f09333a
            • Opcode Fuzzy Hash: a7cbae121ba20e4ec99686b73b521fe86150a657ca4335c23d7e454e556ebb4c
            • Instruction Fuzzy Hash: FC11D0355093C0AFDB228F25CC85B52FFB4EF16220F0885DEED858B667D265A418CB62
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • DispatchMessageW.USER32(?), ref: 0136BE70
            Memory Dump Source
            • Source File: 00000011.00000002.414519528.000000000136A000.00000040.00000001.sdmp, Offset: 0136A000, based on PE: false
            Similarity
            • API ID: DispatchMessage
            • String ID:
            • API String ID: 2061451462-0
            • Opcode ID: 31e6448d3b1a7cbf7b281f1cdb5287e3f1c29a3e9ee5e767f1bda020de862b0d
            • Instruction ID: 1c4d5eb9928ea877cebacd5dd69dd0465756599e64930b4d7313c0fe20a62639
            • Opcode Fuzzy Hash: 31e6448d3b1a7cbf7b281f1cdb5287e3f1c29a3e9ee5e767f1bda020de862b0d
            • Instruction Fuzzy Hash: E1114F754093C09FD7238B259C44761BFB4EF47624F0984DADD898F267D2695848CB62
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • CreateIconFromResourceEx.USER32 ref: 0136B78A
            Memory Dump Source
            • Source File: 00000011.00000002.414519528.000000000136A000.00000040.00000001.sdmp, Offset: 0136A000, based on PE: false
            Similarity
            • API ID: CreateFromIconResource
            • String ID:
            • API String ID: 3668623891-0
            • Opcode ID: b0571335986c5690080072f86df7a55ea171d00622a164cdd71b9d3afe3558d7
            • Instruction ID: c4e1a9a61bf880fa88ea9916d9de0e6dda4880c3faa5c8f4c99caf0e00a42d1d
            • Opcode Fuzzy Hash: b0571335986c5690080072f86df7a55ea171d00622a164cdd71b9d3afe3558d7
            • Instruction Fuzzy Hash: DC116031405384AFDB228F55DC44A52FFF4FF4A220F09859EE9858B566C379A458CB61
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000011.00000002.414519528.000000000136A000.00000040.00000001.sdmp, Offset: 0136A000, based on PE: false
            Similarity
            • API ID: Initialize
            • String ID:
            • API String ID: 2538663250-0
            • Opcode ID: a7886994775dc923ca254e919bcd3573a29fae8351db6b0b4aabc5989a121ffd
            • Instruction ID: 3d0a9ad80ad4fae50852172fee79f9b7902a1601a5f516dfe3fbc4b229623516
            • Opcode Fuzzy Hash: a7886994775dc923ca254e919bcd3573a29fae8351db6b0b4aabc5989a121ffd
            • Instruction Fuzzy Hash: FB116D714493849FD712CF25DC44B52BFB8EF42225F0984EAED898F253D279A448CB62
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000011.00000002.414519528.000000000136A000.00000040.00000001.sdmp, Offset: 0136A000, based on PE: false
            Similarity
            • API ID: LongWindow
            • String ID:
            • API String ID: 1378638983-0
            • Opcode ID: ad9f425153db249474cb4d60db762ccfe2ec3fac2cc84986dd23f5bd81499e14
            • Instruction ID: 73a591a7d0a66baaa0d7c516e34d20df4bf4d5ff1118f1d09329a1cf5d93b307
            • Opcode Fuzzy Hash: ad9f425153db249474cb4d60db762ccfe2ec3fac2cc84986dd23f5bd81499e14
            • Instruction Fuzzy Hash: ED117C354097849FD722CF15DC85A52FFF4EF06220F09C49AED894B263C275A818CB62
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0136A58A
            Memory Dump Source
            • Source File: 00000011.00000002.414519528.000000000136A000.00000040.00000001.sdmp, Offset: 0136A000, based on PE: false
            Similarity
            • API ID: DuplicateHandle
            • String ID:
            • API String ID: 3793708945-0
            • Opcode ID: e1f87b5d7bc410224c0c5d6b19fca53ac3fb6c356677b718842323119bbb3531
            • Instruction ID: 65e82d9b611059b7eb1b69d38d0b8ee5f2c15273ab3aea3f1c85a7422f9ec015
            • Opcode Fuzzy Hash: e1f87b5d7bc410224c0c5d6b19fca53ac3fb6c356677b718842323119bbb3531
            • Instruction Fuzzy Hash: 6D015B31400644DFDB22CF59D944B56FFE8EF48721F08C59ADE895BA16C375A018CF62
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • CreateIconFromResourceEx.USER32 ref: 0136B78A
            Memory Dump Source
            • Source File: 00000011.00000002.414519528.000000000136A000.00000040.00000001.sdmp, Offset: 0136A000, based on PE: false
            Similarity
            • API ID: CreateFromIconResource
            • String ID:
            • API String ID: 3668623891-0
            • Opcode ID: 507db9e8e31d271343c2c19f32587235cf50fb448b10b84d9e15b34b8adece94
            • Instruction ID: 111aa79bd65a5066bc0ddd3e05cf3a67326a3aafe6f0b3f3253d284e28fe3e8d
            • Opcode Fuzzy Hash: 507db9e8e31d271343c2c19f32587235cf50fb448b10b84d9e15b34b8adece94
            • Instruction Fuzzy Hash: 770161315006449FDB228F55D944B56FFE8EF08721F08C56EDE898B626D375A018DF62
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • SetConsoleCtrlHandler.KERNELBASE(?,00000E2C,?,?), ref: 0136AFEA
            Memory Dump Source
            • Source File: 00000011.00000002.414519528.000000000136A000.00000040.00000001.sdmp, Offset: 0136A000, based on PE: false
            Similarity
            • API ID: ConsoleCtrlHandler
            • String ID:
            • API String ID: 1513847179-0
            • Opcode ID: 5ffbc65f49387caf1785fa83f3ba13a1fdb7b57fe54a70c146bf88b2f950ab2d
            • Instruction ID: 85a3d2cdf95179e9feb394c1e1afba5d97b1306625fce2b4762069987c5e09a3
            • Opcode Fuzzy Hash: 5ffbc65f49387caf1785fa83f3ba13a1fdb7b57fe54a70c146bf88b2f950ab2d
            • Instruction Fuzzy Hash: 4001AD75900200ABD250DF1ADC86B26FBE8FB88B20F14C15AED084BB41E631F915CBE6
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • PostMessageW.USER32(?,?,?,?), ref: 0136BBB9
            Memory Dump Source
            • Source File: 00000011.00000002.414519528.000000000136A000.00000040.00000001.sdmp, Offset: 0136A000, based on PE: false
            Similarity
            • API ID: MessagePost
            • String ID:
            • API String ID: 410705778-0
            • Opcode ID: 8e775f33c70c55fa830f533fcc0c6614c522aca419eab69b55b82a8d6d69943c
            • Instruction ID: 5570220858343cfc85efa409a620a504fdedc83bd3480db53fb99d9648ebcf6d
            • Opcode Fuzzy Hash: 8e775f33c70c55fa830f533fcc0c6614c522aca419eab69b55b82a8d6d69943c
            • Instruction Fuzzy Hash: 2901B1356002408FDB318F1AD984B65FFA8EF04324F08C09EDD498BA2BC271A418CF62
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000011.00000002.414519528.000000000136A000.00000040.00000001.sdmp, Offset: 0136A000, based on PE: false
            Similarity
            • API ID: Initialize
            • String ID:
            • API String ID: 2538663250-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • PostMessageW.USER32(?,?,?,?), ref: 0136B841
            Memory Dump Source
            • Source File: 00000011.00000002.414519528.000000000136A000.00000040.00000001.sdmp, Offset: 0136A000, based on PE: false
            Similarity
            • API ID: MessagePost
            • String ID:
            • API String ID: 410705778-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000011.00000002.414519528.000000000136A000.00000040.00000001.sdmp, Offset: 0136A000, based on PE: false
            Similarity
            • API ID: LongWindow
            • String ID:
            • API String ID: 1378638983-0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • DispatchMessageW.USER32(?), ref: 0136BE70
            Memory Dump Source
            • Source File: 00000011.00000002.414519528.000000000136A000.00000040.00000001.sdmp, Offset: 0136A000, based on PE: false
            Similarity
            • API ID: DispatchMessage
            • String ID:
            • API String ID: 2061451462-0
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 00000011.00000002.414971262.0000000005450000.00000040.00000001.sdmp, Offset: 05450000, based on PE: false
            Similarity
            • API ID:
            • String ID: r*+
            • API String ID: 0-3221063712
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 00000011.00000002.414971262.0000000005450000.00000040.00000001.sdmp, Offset: 05450000, based on PE: false
            Similarity
            • API ID:
            • String ID: `5q
            • API String ID: 0-3867205651
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 00000011.00000002.414971262.0000000005450000.00000040.00000001.sdmp, Offset: 05450000, based on PE: false
            Similarity
            • API ID:
            • String ID:
            • API String ID: 0-3916222277
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 00000011.00000002.414971262.0000000005450000.00000040.00000001.sdmp, Offset: 05450000, based on PE: false
            Similarity
            • API ID:
            • String ID: hXMr
            • API String ID: 0-1185242784
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 00000011.00000002.414971262.0000000005450000.00000040.00000001.sdmp, Offset: 05450000, based on PE: false
            Similarity
            • API ID:
            • String ID: $gq
            • API String ID: 0-815412418
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 00000011.00000002.414971262.0000000005450000.00000040.00000001.sdmp, Offset: 05450000, based on PE: false
            Similarity
            • API ID:
            • String ID: $gq
            • API String ID: 0-815412418
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 00000011.00000002.414971262.0000000005450000.00000040.00000001.sdmp, Offset: 05450000, based on PE: false
            Similarity
            • API ID:
            • String ID: 8$q
            • API String ID: 0-2903697390
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 00000011.00000002.414971262.0000000005450000.00000040.00000001.sdmp, Offset: 05450000, based on PE: false
            Similarity
            • API ID:
            • String ID: 8$q
            • API String ID: 0-2903697390
            Uniqueness

            Uniqueness Score: -1.00%

            Non-executed Functions