Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Windows Analysis Report OfficialKiddionsModMenuV0.8.7.exe

Overview

General Information

Sample Name:OfficialKiddionsModMenuV0.8.7.exe
Analysis ID:546181
MD5:7de3896baf12500f3e1cd311e2340806
SHA1:500b906981aaa4810848643f1d8c17efa87bad20
SHA256:213fce24e326925749adebaff2d85e23bba2b616c872e2089b23fa231f18756e
Tags:exe
Infos:

Most interesting Screenshot:

Detection

RedLine
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Yara detected RedLine Stealer
Found malware configuration
Multi AV Scanner detection for submitted file
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
Writes to foreign memory regions
Tries to shutdown other security tools via broadcasted WM_QUERYENDSESSION
Tries to steal Crypto Currency Wallets
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Machine Learning detection for sample
Allocates memory in foreign processes
Injects a PE file into a foreign processes
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
PE file has nameless sections
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
May sleep (evasive loops) to hinder dynamic analysis
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Uses code obfuscation techniques (call, push, ret)
PE file contains sections with non-standard names
Internet Provider seen in connection with other malware
Detected potential crypto function
Yara detected Credential Stealer
IP address seen in connection with other malware
Contains long sleeps (>= 3 min)
Enables debug privileges
Creates a DirectInput object (often for capturing keystrokes)
Is looking for software installed on the system
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Sample file is different than original file name gathered from version info
PE file contains an invalid checksum
Detected TCP or UDP traffic on non-standard ports
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Uses Microsoft's Enhanced Cryptographic Provider
Creates a process in suspended mode (likely to inject code)

Classification

Process Tree

  • System is w10x64
  • OfficialKiddionsModMenuV0.8.7.exe (PID: 7072 cmdline: "C:\Users\user\Desktop\OfficialKiddionsModMenuV0.8.7.exe" MD5: 7DE3896BAF12500F3E1CD311E2340806)
    • AppLaunch.exe (PID: 6652 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe MD5: 6807F903AC06FF7E1670181378690B22)
  • cleanup

Malware Configuration

Threatname: RedLine

{"C2 url": "103.246.144.29:44301"}

Yara Overview

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
dump.pcapJoeSecurity_RedLine_1Yara detected RedLine StealerJoe Security

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    00000001.00000002.292031662.00000000000C2000.00000004.00000001.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
      0000000A.00000002.348909899.0000000000402000.00000020.00000001.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
        00000001.00000003.291666157.0000000003B12000.00000040.00000001.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
          Process Memory Space: AppLaunch.exe PID: 6652JoeSecurity_CredentialStealerYara detected Credential StealerJoe Security

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            1.2.OfficialKiddionsModMenuV0.8.7.exe.c3b54.0.raw.unpackJoeSecurity_RedLineYara detected RedLine StealerJoe Security
              10.2.AppLaunch.exe.400000.0.unpackJoeSecurity_RedLineYara detected RedLine StealerJoe Security
                1.3.OfficialKiddionsModMenuV0.8.7.exe.3b10000.0.unpackJoeSecurity_RedLineYara detected RedLine StealerJoe Security

                  Sigma Overview

                  No Sigma rule has matched

                  Jbx Signature Overview

                  Click to jump to signature section

                  Show All Signature Results

                  AV Detection:

                  barindex
                  Found malware configurationShow sources
                  Source: 00000001.00000002.292031662.00000000000C2000.00000004.00000001.sdmpMalware Configuration Extractor: RedLine {"C2 url": "103.246.144.29:44301"}
                  Multi AV Scanner detection for submitted fileShow sources
                  Source: OfficialKiddionsModMenuV0.8.7.exeVirustotal: Detection: 26%Perma Link
                  Machine Learning detection for sampleShow sources
                  Source: OfficialKiddionsModMenuV0.8.7.exeJoe Sandbox ML: detected
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 10_2_0AB9E128 CryptUnprotectData,10_2_0AB9E128
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 10_2_0AB9E8A0 CryptUnprotectData,10_2_0AB9E8A0
                  Source: OfficialKiddionsModMenuV0.8.7.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED
                  Source: Joe Sandbox ViewASN Name: EMAXXTELECOMCOLTD-AS-APEmaxxTelecomCoLtdKH EMAXXTELECOMCOLTD-AS-APEmaxxTelecomCoLtdKH
                  Source: Joe Sandbox ViewIP Address: 103.246.144.29 103.246.144.29
                  Source: global trafficTCP traffic: 192.168.2.3:49746 -> 103.246.144.29:44301
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.246.144.29
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.246.144.29
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.246.144.29
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.246.144.29
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.246.144.29
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.246.144.29
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.246.144.29
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.246.144.29
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.246.144.29
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.246.144.29
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.246.144.29
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.246.144.29
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.246.144.29
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.246.144.29
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.246.144.29
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.246.144.29
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.246.144.29
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.246.144.29
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.246.144.29
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.246.144.29
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.246.144.29
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.246.144.29
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.246.144.29
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.246.144.29
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.246.144.29
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.246.144.29
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.246.144.29
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.246.144.29
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.246.144.29
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.246.144.29
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.246.144.29
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.246.144.29
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.246.144.29
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.246.144.29
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.246.144.29
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.246.144.29
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.246.144.29
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.246.144.29
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.246.144.29
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.246.144.29
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.246.144.29
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.246.144.29
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.246.144.29
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.246.144.29
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.246.144.29
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.246.144.29
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.246.144.29
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.246.144.29
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.246.144.29
                  Source: unknownTCP traffic detected without corresponding DNS query: 103.246.144.29
                  Source: AppLaunch.exe, 0000000A.00000002.351614640.0000000006F8F000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350886277.0000000006E0C000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.351383258.0000000006ECE000.00000004.00000001.sdmpString found in binary or memory: 6i9https://www.facebook.com/chat/video/videocalldownload.php equals www.facebook.com (Facebook)
                  Source: AppLaunch.exe, 0000000A.00000002.351383258.0000000006ECE000.00000004.00000001.sdmpString found in binary or memory: ium PDF Plugin","versions":[{"comment":"Chromium PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"divx-player":{"group_name_matcher":"*DivX Web Player*","help_url":"https://support.google.com/chrome/?p=plugin_divx","lang":"en-US","mime_types":["video/divx","video/x-matroska"],"name":"DivX Web Player","url":"http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exe","versions":[{"status":"requires_authorization","version":"1.4.3.4"}]},"facebook-video-calling":{"group_name_matcher":"*Facebook Video*","lang":"en-US","mime_types":["application/skypesdk-plugin"],"name":"Facebook Video Calling","url":"https://www.facebook.com/chat/video/videocalldownload.php","versions":[{"comment":"We do not track version information for the Facebook Video Calling Plugin.","status":"requires_authorization","version":"0"}]},"google-chrome-pdf":{"group_name_matcher":"*Chrome PDF Viewer*","mime_types":[],"name":"Chrome PDF Viewer","versions":[{"comment":"Google Chrome PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf-plugin":{"group_name_matcher":"*Chrome PDF Plugin*","mime_types":[],"name":"Chrome PDF Plugin","versions":[{"comment":"Google Chrome PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"google-earth":{"group_name_matcher":"*Google Earth*","lang":"en-US","mime_types":["application/geplugin"],"name":"Google Earth","url":"http://www.google.com/earth/explore/products/plugin.html","versions":[{"comment":"We do not track version information for the Google Earth Plugin.","status":"requires_authorization","version":"0"}]},"google-talk":{"group_name_matcher":"*Google Talk*","mime_types":[],"name":"Google Talk","versions":[{"comment":"'Google Talk Plugin' and 'Google Talk Plugin Video Accelerator' use two completely different versioning schemes, so we can't define a minimum version.","status":"requires_authorization","version":"0"}]},"google-update":{"group_name_matcher":"Google Update","mime-types":[],"name":"Google Update","versions":[{"comment":"Google Update plugin is versioned but kept automatically up to date","status":"requires_authorization","version":"0"}]},"ibm-java-runtime-environment":{"group_name_matcher":"*IBM*Java*","mime_types":["application/x-java-applet","application/x-java-applet;jpi-version=1.7.0_05","application/x-java-applet;version=1.1","application/x-java-applet;version=1.1.1","application/x-java-applet;version=1.1.2","application/x-java-applet;version=1.1.3","application/x-java-applet;version=1.2","application/x-java-applet;version=1.2.1","application/x-java-applet;version=1.2.2","application/x-java-applet;version=1.3","application/x-java-applet;version=1.3.1","application/x-java-applet;version=1.4","application/x-java-applet;version=1.4.1","application/x-java-applet;version=1.4.2","application/x-java-applet;version=1.5","application/x-java-applet;version=1.6","application/x-java-applet;version=1.7","application/x-java
                  Source: AppLaunch.exe, 0000000A.00000002.351614640.0000000006F8F000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350886277.0000000006E0C000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.351383258.0000000006ECE000.00000004.00000001.sdmpString found in binary or memory: http://appldnld.apple.com/QuickTime/041-3089.20111026.Sxpr4/QuickTimeInstaller.exe
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentif
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd
                  Source: AppLaunch.exe, 0000000A.00000002.351383258.0000000006ECE000.00000004.00000001.sdmpString found in binary or memory: http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exe
                  Source: AppLaunch.exe, 0000000A.00000002.351614640.0000000006F8F000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350886277.0000000006E0C000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.351383258.0000000006ECE000.00000004.00000001.sdmpString found in binary or memory: http://forms.rea
                  Source: AppLaunch.exe, 0000000A.00000002.351614640.0000000006F8F000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350886277.0000000006E0C000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.351383258.0000000006ECE000.00000004.00000001.sdmpString found in binary or memory: http://forms.real.com/real/realone/download.html?type=rpsp_us
                  Source: AppLaunch.exe, 0000000A.00000002.351383258.0000000006ECE000.00000004.00000001.sdmpString found in binary or memory: http://fpdownload.macromedia.com/get/shockwave/default/english/win95nt/latest/Shockwave_Installer_Sl
                  Source: AppLaunch.exe, 0000000A.00000002.351614640.0000000006F8F000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350886277.0000000006E0C000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.351383258.0000000006ECE000.00000004.00000001.sdmpString found in binary or memory: http://go.micros
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap
                  Source: AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
                  Source: AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2002/12/policy
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/sc
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Issue
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/06/addressingex
                  Source: AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
                  Source: AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/faultD
                  Source: AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Commit
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepared
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/fault
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterResponse
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/fault
                  Source: AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm
                  Source: AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
                  Source: AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
                  Source: AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse
                  Source: AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage
                  Source: AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement
                  Source: AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/sct
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/spnego
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
                  Source: AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
                  Source: AppLaunch.exe, 0000000A.00000002.350561310.0000000006D8B000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                  Source: AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
                  Source: AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
                  Source: AppLaunch.exe, 0000000A.00000002.351614640.0000000006F8F000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350886277.0000000006E0C000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.351383258.0000000006ECE000.00000004.00000001.sdmpString found in binary or memory: http://service.r
                  Source: AppLaunch.exe, 0000000A.00000002.351614640.0000000006F8F000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350886277.0000000006E0C000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.351383258.0000000006ECE000.00000004.00000001.sdmpString found in binary or memory: http://service.real.com/realplayer/security/02062012_player/en/
                  Source: AppLaunch.exe, 0000000A.00000002.351614640.0000000006F8F000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350886277.0000000006E0C000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.351383258.0000000006ECE000.00000004.00000001.sdmpString found in binary or memory: http://support.a
                  Source: AppLaunch.exe, 0000000A.00000002.351614640.0000000006F8F000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350886277.0000000006E0C000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.351383258.0000000006ECE000.00000004.00000001.sdmpString found in binary or memory: http://support.apple.com/kb/HT203092
                  Source: AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/
                  Source: AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1
                  Source: AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10
                  Source: AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350561310.0000000006D8B000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10Response
                  Source: AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11
                  Source: AppLaunch.exe, 0000000A.00000002.351614640.0000000006F8F000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350561310.0000000006D8B000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11Response
                  Source: AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12
                  Source: AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12Response
                  Source: AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13
                  Source: AppLaunch.exe, 0000000A.00000002.351614640.0000000006F8F000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350561310.0000000006D8B000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13Response
                  Source: AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14
                  Source: AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350561310.0000000006D8B000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14Response
                  Source: AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15
                  Source: AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350561310.0000000006D8B000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15Response
                  Source: AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16
                  Source: AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16Response
                  Source: AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17
                  Source: AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17Response
                  Source: AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18
                  Source: AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18Response
                  Source: AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19
                  Source: AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19Response
                  Source: AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1Response
                  Source: AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2
                  Source: AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20
                  Source: AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350561310.0000000006D8B000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20Response
                  Source: AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350551346.0000000006D87000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21
                  Source: AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350561310.0000000006D8B000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21Response
                  Source: AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22
                  Source: AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350561310.0000000006D8B000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22Response
                  Source: AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23
                  Source: AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350561310.0000000006D8B000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23Response
                  Source: AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24
                  Source: AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24Response
                  Source: AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2Response
                  Source: AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3
                  Source: AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3Response
                  Source: AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4
                  Source: AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4Response
                  Source: AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5
                  Source: AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350561310.0000000006D8B000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5Response
                  Source: AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6
                  Source: AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350561310.0000000006D8B000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6Response
                  Source: AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7
                  Source: AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350561310.0000000006D8B000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7Response
                  Source: AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8
                  Source: AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350561310.0000000006D8B000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8Response
                  Source: AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9
                  Source: AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350561310.0000000006D8B000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9Response
                  Source: AppLaunch.exe, 0000000A.00000002.351614640.0000000006F8F000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350886277.0000000006E0C000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.351383258.0000000006ECE000.00000004.00000001.sdmpString found in binary or memory: http://www.google.com/earth/explore/products/plugin.html
                  Source: AppLaunch.exe, 0000000A.00000002.351614640.0000000006F8F000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350886277.0000000006E0C000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.351383258.0000000006ECE000.00000004.00000001.sdmpString found in binary or memory: http://www.interoperabilitybridges.com/wmp-extension-for-chrome
                  Source: AppLaunch.exe, 0000000A.00000002.351614640.0000000006F8F000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.351542491.0000000006F79000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350886277.0000000006E0C000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.353500698.0000000007F6C000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.353413406.0000000007EFB000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.351383258.0000000006ECE000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.351328252.0000000006EB7000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350715517.0000000006DF6000.00000004.00000001.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                  Source: OfficialKiddionsModMenuV0.8.7.exe, 00000001.00000002.292031662.00000000000C2000.00000004.00000001.sdmp, OfficialKiddionsModMenuV0.8.7.exe, 00000001.00000003.291666157.0000000003B12000.00000040.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.348909899.0000000000402000.00000020.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpString found in binary or memory: https://api.ip.sb/ip
                  Source: AppLaunch.exe, 0000000A.00000002.351614640.0000000006F8F000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.351542491.0000000006F79000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350886277.0000000006E0C000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.353500698.0000000007F6C000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.353413406.0000000007EFB000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.351383258.0000000006ECE000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.351328252.0000000006EB7000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350715517.0000000006DF6000.00000004.00000001.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                  Source: AppLaunch.exe, 0000000A.00000002.351383258.0000000006ECE000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.351328252.0000000006EB7000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350715517.0000000006DF6000.00000004.00000001.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                  Source: AppLaunch.exe, 0000000A.00000002.351614640.0000000006F8F000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.351542491.0000000006F79000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350886277.0000000006E0C000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.353500698.0000000007F6C000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.353413406.0000000007EFB000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.351383258.0000000006ECE000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.351328252.0000000006EB7000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350715517.0000000006DF6000.00000004.00000001.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                  Source: AppLaunch.exe, 0000000A.00000002.351614640.0000000006F8F000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350886277.0000000006E0C000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.351383258.0000000006ECE000.00000004.00000001.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab4
                  Source: AppLaunch.exe, 0000000A.00000002.351383258.0000000006ECE000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.351328252.0000000006EB7000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350715517.0000000006DF6000.00000004.00000001.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                  Source: AppLaunch.exe, 0000000A.00000002.351614640.0000000006F8F000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350886277.0000000006E0C000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.351383258.0000000006ECE000.00000004.00000001.sdmpString found in binary or memory: https://get.adob
                  Source: AppLaunch.exe, 0000000A.00000002.351614640.0000000006F8F000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350886277.0000000006E0C000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.351383258.0000000006ECE000.00000004.00000001.sdmpString found in binary or memory: https://helpx.ad
                  Source: AppLaunch.exe, 0000000A.00000002.351614640.0000000006F8F000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.351542491.0000000006F79000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350886277.0000000006E0C000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.353500698.0000000007F6C000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.353413406.0000000007EFB000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.351383258.0000000006ECE000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.351328252.0000000006EB7000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350715517.0000000006DF6000.00000004.00000001.sdmpString found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
                  Source: AppLaunch.exe, 0000000A.00000002.351614640.0000000006F8F000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.351542491.0000000006F79000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350886277.0000000006E0C000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.353500698.0000000007F6C000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.353413406.0000000007EFB000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.351383258.0000000006ECE000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.351328252.0000000006EB7000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350715517.0000000006DF6000.00000004.00000001.sdmpString found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                  Source: AppLaunch.exe, 0000000A.00000002.351383258.0000000006ECE000.00000004.00000001.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_divx
                  Source: AppLaunch.exe, 0000000A.00000002.351383258.0000000006ECE000.00000004.00000001.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_flash
                  Source: AppLaunch.exe, 0000000A.00000002.351614640.0000000006F8F000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350886277.0000000006E0C000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.351383258.0000000006ECE000.00000004.00000001.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_java
                  Source: AppLaunch.exe, 0000000A.00000002.351614640.0000000006F8F000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350886277.0000000006E0C000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.351383258.0000000006ECE000.00000004.00000001.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_pdf
                  Source: AppLaunch.exe, 0000000A.00000002.351614640.0000000006F8F000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350886277.0000000006E0C000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.351383258.0000000006ECE000.00000004.00000001.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_quicktime
                  Source: AppLaunch.exe, 0000000A.00000002.351614640.0000000006F8F000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350886277.0000000006E0C000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.351383258.0000000006ECE000.00000004.00000001.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_real
                  Source: AppLaunch.exe, 0000000A.00000002.351383258.0000000006ECE000.00000004.00000001.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_shockwave
                  Source: AppLaunch.exe, 0000000A.00000002.351614640.0000000006F8F000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350886277.0000000006E0C000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.351383258.0000000006ECE000.00000004.00000001.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_wmp
                  Source: AppLaunch.exe, 0000000A.00000002.351383258.0000000006ECE000.00000004.00000001.sdmpString found in binary or memory: https://support.google.com/chrome/answer/6258784
                  Source: AppLaunch.exe, 0000000A.00000002.351614640.0000000006F8F000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.351542491.0000000006F79000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350886277.0000000006E0C000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.353500698.0000000007F6C000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.353413406.0000000007EFB000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.351383258.0000000006ECE000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.351328252.0000000006EB7000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350715517.0000000006DF6000.00000004.00000001.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                  Source: OfficialKiddionsModMenuV0.8.7.exe, 00000001.00000002.294473503.0000000000E1A000.00000004.00000020.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

                  System Summary:

                  barindex
                  PE file has nameless sectionsShow sources
                  Source: OfficialKiddionsModMenuV0.8.7.exeStatic PE information: section name:
                  Source: OfficialKiddionsModMenuV0.8.7.exeStatic PE information: section name:
                  Source: OfficialKiddionsModMenuV0.8.7.exeStatic PE information: section name:
                  Source: OfficialKiddionsModMenuV0.8.7.exeStatic PE information: section name:
                  Source: OfficialKiddionsModMenuV0.8.7.exeStatic PE information: section name:
                  Source: OfficialKiddionsModMenuV0.8.7.exeStatic PE information: section name:
                  Source: OfficialKiddionsModMenuV0.8.7.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED
                  Source: C:\Users\user\Desktop\OfficialKiddionsModMenuV0.8.7.exeCode function: 1_3_02A6C6A41_3_02A6C6A4
                  Source: C:\Users\user\Desktop\OfficialKiddionsModMenuV0.8.7.exeCode function: 1_3_02A6C6B31_3_02A6C6B3
                  Source: C:\Users\user\Desktop\OfficialKiddionsModMenuV0.8.7.exeCode function: 1_3_02A6C68A1_3_02A6C68A
                  Source: C:\Users\user\Desktop\OfficialKiddionsModMenuV0.8.7.exeCode function: 1_3_02A6C69D1_3_02A6C69D
                  Source: C:\Users\user\Desktop\OfficialKiddionsModMenuV0.8.7.exeCode function: 1_3_02A6C6F01_3_02A6C6F0
                  Source: C:\Users\user\Desktop\OfficialKiddionsModMenuV0.8.7.exeCode function: 1_3_02A6C6DB1_3_02A6C6DB
                  Source: C:\Users\user\Desktop\OfficialKiddionsModMenuV0.8.7.exeCode function: 1_3_02A6C67B1_3_02A6C67B
                  Source: C:\Users\user\Desktop\OfficialKiddionsModMenuV0.8.7.exeCode function: 1_3_02A6C7281_3_02A6C728
                  Source: C:\Users\user\Desktop\OfficialKiddionsModMenuV0.8.7.exeCode function: 1_3_02A6C7091_3_02A6C709
                  Source: C:\Users\user\Desktop\OfficialKiddionsModMenuV0.8.7.exeCode function: 1_3_02A6C7181_3_02A6C718
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 10_2_0533EC2810_2_0533EC28
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 10_2_0A27E29810_2_0A27E298
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 10_2_0A27988010_2_0A279880
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 10_2_0A2751D010_2_0A2751D0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 10_2_0A27B9D810_2_0A27B9D8
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 10_2_0A27AEB810_2_0A27AEB8
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 10_2_0A277F7010_2_0A277F70
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 10_2_0A93DDF010_2_0A93DDF0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 10_2_0A9318C010_2_0A9318C0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 10_2_0AB9080010_2_0AB90800
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 10_2_0AB929C010_2_0AB929C0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 10_2_0AB90D9F10_2_0AB90D9F
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 10_2_0AB9B2D710_2_0AB9B2D7
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 10_2_0AB9430810_2_0AB94308
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 10_2_0AB9134010_2_0AB91340
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 10_2_0AB99B2010_2_0AB99B20
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 10_2_0AB9D3BA10_2_0AB9D3BA
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 10_2_0AB9B6D810_2_0AB9B6D8
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 10_2_0AB907F210_2_0AB907F2
                  Source: OfficialKiddionsModMenuV0.8.7.exe, 00000001.00000003.282742747.00000000028B0000.00000004.00000001.sdmpBinary or memory string: OriginalFilename vs OfficialKiddionsModMenuV0.8.7.exe
                  Source: OfficialKiddionsModMenuV0.8.7.exe, 00000001.00000003.282742747.00000000028B0000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameSV vs OfficialKiddionsModMenuV0.8.7.exe
                  Source: OfficialKiddionsModMenuV0.8.7.exe, 00000001.00000003.291717303.0000000003B2C000.00000040.00000001.sdmpBinary or memory string: OriginalFilenameMares.exe4 vs OfficialKiddionsModMenuV0.8.7.exe
                  Source: OfficialKiddionsModMenuV0.8.7.exe, 00000001.00000002.294607982.0000000002911000.00000040.00000001.sdmpBinary or memory string: OriginalFilename vs OfficialKiddionsModMenuV0.8.7.exe
                  Source: OfficialKiddionsModMenuV0.8.7.exe, 00000001.00000002.294607982.0000000002911000.00000040.00000001.sdmpBinary or memory string: OriginalFilenameSV vs OfficialKiddionsModMenuV0.8.7.exe
                  Source: OfficialKiddionsModMenuV0.8.7.exe, 00000001.00000002.292031662.00000000000C2000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameMares.exe4 vs OfficialKiddionsModMenuV0.8.7.exe
                  Source: OfficialKiddionsModMenuV0.8.7.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESERVED size: 0x100000 address: 0x0
                  Source: OfficialKiddionsModMenuV0.8.7.exeStatic PE information: Section: ZLIB complexity 1.00043874547
                  Source: OfficialKiddionsModMenuV0.8.7.exeStatic PE information: Section: ZLIB complexity 1.00051229508
                  Source: OfficialKiddionsModMenuV0.8.7.exeStatic PE information: Section: ZLIB complexity 1.0107421875
                  Source: OfficialKiddionsModMenuV0.8.7.exeVirustotal: Detection: 26%
                  Source: C:\Users\user\Desktop\OfficialKiddionsModMenuV0.8.7.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                  Source: unknownProcess created: C:\Users\user\Desktop\OfficialKiddionsModMenuV0.8.7.exe "C:\Users\user\Desktop\OfficialKiddionsModMenuV0.8.7.exe"
                  Source: C:\Users\user\Desktop\OfficialKiddionsModMenuV0.8.7.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                  Source: C:\Users\user\Desktop\OfficialKiddionsModMenuV0.8.7.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId=&apos;1&apos;
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile created: C:\Users\user\AppData\Local\YandexJump to behavior
                  Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@3/1@0/1
                  Source: C:\Users\user\Desktop\OfficialKiddionsModMenuV0.8.7.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
                  Source: OfficialKiddionsModMenuV0.8.7.exeStatic file information: File size 4397056 > 1048576
                  Source: OfficialKiddionsModMenuV0.8.7.exeStatic PE information: Raw size of is bigger than: 0x100000 < 0x3cd400
                  Source: C:\Users\user\Desktop\OfficialKiddionsModMenuV0.8.7.exeCode function: 1_3_02A742F8 push ecx; retf 1_3_02A742F9
                  Source: C:\Users\user\Desktop\OfficialKiddionsModMenuV0.8.7.exeCode function: 1_3_02A70E28 push ebp; ret 1_3_02A70E30
                  Source: C:\Users\user\Desktop\OfficialKiddionsModMenuV0.8.7.exeCode function: 1_3_02A6E66B pushfd ; ret 1_3_02A6E695
                  Source: C:\Users\user\Desktop\OfficialKiddionsModMenuV0.8.7.exeCode function: 1_3_02A6CB8F push cs; retf 1_3_02A6CB97
                  Source: C:\Users\user\Desktop\OfficialKiddionsModMenuV0.8.7.exeCode function: 1_3_02A747C7 push ebx; iretd 1_3_02A747C8
                  Source: C:\Users\user\Desktop\OfficialKiddionsModMenuV0.8.7.exeCode function: 1_3_02A71F21 push edx; ret 1_3_02A71F2D
                  Source: C:\Users\user\Desktop\OfficialKiddionsModMenuV0.8.7.exeCode function: 1_3_02A6CB1D push edi; iretd 1_3_02A6CB1F
                  Source: C:\Users\user\Desktop\OfficialKiddionsModMenuV0.8.7.exeCode function: 1_3_02A6EB70 push ecx; iretd 1_3_02A6EB7F
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 10_2_05333C58 push esp; iretd 10_2_05333C91
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 10_2_05333C93 push esp; iretd 10_2_05333C91
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 10_2_0A27D042 pushad ; retf 10_2_0A27D043
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 10_2_0A9318B0 push esp; retf 10_2_0A9318B9
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 10_2_0AB9F9B8 push E863A1F5h; retf 10_2_0AB9FA01
                  Source: OfficialKiddionsModMenuV0.8.7.exeStatic PE information: section name:
                  Source: OfficialKiddionsModMenuV0.8.7.exeStatic PE information: section name:
                  Source: OfficialKiddionsModMenuV0.8.7.exeStatic PE information: section name:
                  Source: OfficialKiddionsModMenuV0.8.7.exeStatic PE information: section name:
                  Source: OfficialKiddionsModMenuV0.8.7.exeStatic PE information: section name:
                  Source: OfficialKiddionsModMenuV0.8.7.exeStatic PE information: section name:
                  Source: OfficialKiddionsModMenuV0.8.7.exeStatic PE information: section name: .yke1AWY
                  Source: OfficialKiddionsModMenuV0.8.7.exeStatic PE information: section name: .adata
                  Source: OfficialKiddionsModMenuV0.8.7.exeStatic PE information: real checksum: 0x438810 should be: 0x43a204
                  Source: initial sampleStatic PE information: section name: entropy: 7.99788481833
                  Source: initial sampleStatic PE information: section name: entropy: 7.9951936828
                  Source: initial sampleStatic PE information: section name: entropy: 7.79914503297
                  Source: initial sampleStatic PE information: section name: .rsrc entropy: 6.95928882324
                  Source: initial sampleStatic PE information: section name: .yke1AWY entropy: 7.91755317496

                  Hooking and other Techniques for Hiding and Protection:

                  barindex
                  Overwrites code with unconditional jumps - possibly settings hooks in foreign processShow sources
                  Source: C:\Users\user\Desktop\OfficialKiddionsModMenuV0.8.7.exeMemory written: PID: 7072 base: 2990005 value: E9 FB BF C8 74 Jump to behavior
                  Source: C:\Users\user\Desktop\OfficialKiddionsModMenuV0.8.7.exeMemory written: PID: 7072 base: 7761C000 value: E9 0A 40 37 8B Jump to behavior
                  Source: C:\Users\user\Desktop\OfficialKiddionsModMenuV0.8.7.exeMemory written: PID: 7072 base: 2B50008 value: E9 AB E0 B0 74 Jump to behavior
                  Source: C:\Users\user\Desktop\OfficialKiddionsModMenuV0.8.7.exeMemory written: PID: 7072 base: 7765E0B0 value: E9 60 1F 4F 8B Jump to behavior
                  Source: C:\Users\user\Desktop\OfficialKiddionsModMenuV0.8.7.exeMemory written: PID: 7072 base: 2CB0005 value: E9 CB 5A C5 73 Jump to behavior
                  Source: C:\Users\user\Desktop\OfficialKiddionsModMenuV0.8.7.exeMemory written: PID: 7072 base: 76905AD0 value: E9 3A A5 3A 8C Jump to behavior
                  Source: C:\Users\user\Desktop\OfficialKiddionsModMenuV0.8.7.exeMemory written: PID: 7072 base: 2D70005 value: E9 5B B0 BB 73 Jump to behavior
                  Source: C:\Users\user\Desktop\OfficialKiddionsModMenuV0.8.7.exeMemory written: PID: 7072 base: 7692B060 value: E9 AA 4F 44 8C Jump to behavior
                  Source: C:\Users\user\Desktop\OfficialKiddionsModMenuV0.8.7.exeMemory written: PID: 7072 base: 3AF0005 value: E9 DB F8 A5 70 Jump to behavior
                  Source: C:\Users\user\Desktop\OfficialKiddionsModMenuV0.8.7.exeMemory written: PID: 7072 base: 7454F8E0 value: E9 2A 07 5A 8F Jump to behavior
                  Source: C:\Users\user\Desktop\OfficialKiddionsModMenuV0.8.7.exeMemory written: PID: 7072 base: 3B00005 value: E9 FB 42 A7 70 Jump to behavior
                  Source: C:\Users\user\Desktop\OfficialKiddionsModMenuV0.8.7.exeMemory written: PID: 7072 base: 74574300 value: E9 0A BD 58 8F Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                  Malware Analysis System Evasion:

                  barindex
                  Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)Show sources
                  Source: OfficialKiddionsModMenuV0.8.7.exe, 00000001.00000002.292430105.0000000000435000.00000020.00020000.sdmpBinary or memory string: OUSBIEDLL.DLLVHE%
                  Source: OfficialKiddionsModMenuV0.8.7.exe, 00000001.00000002.292430105.0000000000435000.00000020.00020000.sdmpBinary or memory string: OUSBIEDLL.DLL
                  Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)Show sources
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                  Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)Show sources
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe TID: 6136Thread sleep time: -6456360425798339s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe TID: 6732Thread sleep time: -922337203685477s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeRegistry key enumerated: More than 149 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWindow / User API: threadDelayed 2128Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWindow / User API: threadDelayed 889Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\OfficialKiddionsModMenuV0.8.7.exeProcess information queried: ProcessInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: OfficialKiddionsModMenuV0.8.7.exe, 00000001.00000002.294473503.0000000000E1A000.00000004.00000020.sdmp, AppLaunch.exe, 0000000A.00000002.350037953.000000000500C000.00000004.00000020.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess token adjusted: DebugJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeMemory allocated: page read and write | page guardJump to behavior

                  HIPS / PFW / Operating System Protection Evasion:

                  barindex
                  Writes to foreign memory regionsShow sources
                  Source: C:\Users\user\Desktop\OfficialKiddionsModMenuV0.8.7.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 400000Jump to behavior
                  Source: C:\Users\user\Desktop\OfficialKiddionsModMenuV0.8.7.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 4A89008Jump to behavior
                  Tries to shutdown other security tools via broadcasted WM_QUERYENDSESSIONShow sources
                  Source: C:\Users\user\Desktop\OfficialKiddionsModMenuV0.8.7.exeMessage posted: Message id: QUERYENDSESSIONJump to behavior
                  Allocates memory in foreign processesShow sources
                  Source: C:\Users\user\Desktop\OfficialKiddionsModMenuV0.8.7.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 400000 protect: page execute and read and writeJump to behavior
                  Injects a PE file into a foreign processesShow sources
                  Source: C:\Users\user\Desktop\OfficialKiddionsModMenuV0.8.7.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 400000 value starts with: 4D5AJump to behavior
                  Source: C:\Users\user\Desktop\OfficialKiddionsModMenuV0.8.7.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct

                  Stealing of Sensitive Information:

                  barindex
                  Yara detected RedLine StealerShow sources
                  Source: Yara matchFile source: 1.2.OfficialKiddionsModMenuV0.8.7.exe.c3b54.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 10.2.AppLaunch.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 1.3.OfficialKiddionsModMenuV0.8.7.exe.3b10000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000001.00000002.292031662.00000000000C2000.00000004.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000A.00000002.348909899.0000000000402000.00000020.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000001.00000003.291666157.0000000003B12000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: dump.pcap, type: PCAP
                  Tries to steal Crypto Currency WalletsShow sources
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                  Tries to harvest and steal browser information (history, passwords, etc)Show sources
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                  Source: Yara matchFile source: Process Memory Space: AppLaunch.exe PID: 6652, type: MEMORYSTR

                  Remote Access Functionality:

                  barindex
                  Yara detected RedLine StealerShow sources
                  Source: Yara matchFile source: 1.2.OfficialKiddionsModMenuV0.8.7.exe.c3b54.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 10.2.AppLaunch.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 1.3.OfficialKiddionsModMenuV0.8.7.exe.3b10000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000001.00000002.292031662.00000000000C2000.00000004.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000A.00000002.348909899.0000000000402000.00000020.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000001.00000003.291666157.0000000003B12000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: dump.pcap, type: PCAP

                  Mitre Att&ck Matrix

                  Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                  Valid AccountsWindows Management Instrumentation221Path InterceptionProcess Injection311Masquerading1OS Credential Dumping1Security Software Discovery321Remote ServicesCredential API Hooking1Exfiltration Over Other Network MediumEncrypted Channel2Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
                  Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsDisable or Modify Tools11Credential API Hooking1Process Discovery11Remote Desktop ProtocolInput Capture1Exfiltration Over BluetoothNon-Standard Port1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                  Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Virtualization/Sandbox Evasion231Input Capture1Virtualization/Sandbox Evasion231SMB/Windows Admin SharesArchive Collected Data1Automated ExfiltrationSteganographyExploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                  Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Process Injection311NTDSApplication Window Discovery1Distributed Component Object ModelData from Local System2Scheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud
                  Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptObfuscated Files or Information2LSA SecretsSystem Information Discovery123SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
                  Replication Through Removable MediaLaunchdRc.commonRc.commonSoftware Packing2Cached Domain CredentialsSystem Owner/User DiscoveryVNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features

                  Behavior Graph

                  Hide Legend

                  Legend:

                  • Process
                  • Signature
                  • Created File
                  • DNS/IP Info
                  • Is Dropped
                  • Is Windows Process
                  • Number of created Registry Values
                  • Number of created Files
                  • Visual Basic
                  • Delphi
                  • Java
                  • .Net C# or VB.NET
                  • C, C++ or other language
                  • Is malicious
                  • Internet

                  Screenshots

                  Thumbnails

                  This section contains all screenshots as thumbnails, including those not shown in the slideshow.

                  windows-stand

                  Antivirus, Machine Learning and Genetic Malware Detection

                  Initial Sample

                  SourceDetectionScannerLabelLink
                  OfficialKiddionsModMenuV0.8.7.exe26%VirustotalBrowse
                  OfficialKiddionsModMenuV0.8.7.exe100%Joe Sandbox ML

                  Dropped Files

                  No Antivirus matches

                  Unpacked PE Files

                  SourceDetectionScannerLabelLinkDownload
                  1.0.OfficialKiddionsModMenuV0.8.7.exe.400000.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                  1.1.OfficialKiddionsModMenuV0.8.7.exe.400000.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                  1.2.OfficialKiddionsModMenuV0.8.7.exe.400000.1.unpack100%AviraTR/Crypt.XPACK.GenDownload File

                  Domains

                  No Antivirus matches

                  URLs

                  SourceDetectionScannerLabelLink
                  http://service.r0%URL Reputationsafe
                  http://tempuri.org/Entity/Id12Response0%URL Reputationsafe
                  http://tempuri.org/0%URL Reputationsafe
                  http://tempuri.org/Entity/Id2Response0%URL Reputationsafe
                  http://tempuri.org/Entity/Id21Response0%URL Reputationsafe
                  http://tempuri.org/Entity/Id90%URL Reputationsafe
                  http://tempuri.org/Entity/Id80%URL Reputationsafe
                  http://tempuri.org/Entity/Id50%URL Reputationsafe
                  http://tempuri.org/Entity/Id40%URL Reputationsafe
                  http://tempuri.org/Entity/Id70%URL Reputationsafe
                  http://tempuri.org/Entity/Id60%URL Reputationsafe
                  http://tempuri.org/Entity/Id19Response0%URL Reputationsafe
                  http://www.interoperabilitybridges.com/wmp-extension-for-chrome0%URL Reputationsafe
                  http://tempuri.org/Entity/Id15Response0%URL Reputationsafe
                  http://support.a0%URL Reputationsafe
                  http://tempuri.org/Entity/Id6Response0%URL Reputationsafe
                  https://api.ip.sb/ip0%URL Reputationsafe
                  http://tempuri.org/Entity/Id9Response0%URL Reputationsafe
                  http://tempuri.org/Entity/Id200%URL Reputationsafe
                  http://tempuri.org/Entity/Id210%URL Reputationsafe
                  http://tempuri.org/Entity/Id220%URL Reputationsafe
                  http://tempuri.org/Entity/Id230%URL Reputationsafe
                  http://tempuri.org/Entity/Id240%URL Reputationsafe
                  http://tempuri.org/Entity/Id24Response0%URL Reputationsafe
                  http://tempuri.org/Entity/Id1Response0%URL Reputationsafe
                  http://forms.rea0%URL Reputationsafe
                  http://tempuri.org/Entity/Id100%URL Reputationsafe
                  http://tempuri.org/Entity/Id110%URL Reputationsafe
                  http://tempuri.org/Entity/Id120%URL Reputationsafe
                  http://tempuri.org/Entity/Id16Response0%URL Reputationsafe
                  http://tempuri.org/Entity/Id130%URL Reputationsafe
                  http://tempuri.org/Entity/Id140%URL Reputationsafe
                  http://tempuri.org/Entity/Id150%URL Reputationsafe
                  http://tempuri.org/Entity/Id160%URL Reputationsafe
                  http://tempuri.org/Entity/Id170%URL Reputationsafe
                  http://tempuri.org/Entity/Id180%URL Reputationsafe
                  http://tempuri.org/Entity/Id5Response0%URL Reputationsafe
                  http://tempuri.org/Entity/Id190%URL Reputationsafe
                  http://tempuri.org/Entity/Id10Response0%URL Reputationsafe
                  http://tempuri.org/Entity/Id8Response0%URL Reputationsafe

                  Domains and IPs

                  Contacted Domains

                  No contacted domains info

                  URLs from Memory and Binaries

                  NameSourceMaliciousAntivirus DetectionReputation
                  http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#TextAppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpfalse
                    		high
                    http://schemas.xmlsoap.org/ws/2005/02/sc/sctAppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpfalse
                      		high
                      https://duckduckgo.com/chrome_newtabAppLaunch.exe, 0000000A.00000002.351614640.0000000006F8F000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.351542491.0000000006F79000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350886277.0000000006E0C000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.353500698.0000000007F6C000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.353413406.0000000007EFB000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.351383258.0000000006ECE000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.351328252.0000000006EB7000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350715517.0000000006DF6000.00000004.00000001.sdmpfalse
                        		high
                        http://service.rAppLaunch.exe, 0000000A.00000002.351614640.0000000006F8F000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350886277.0000000006E0C000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.351383258.0000000006ECE000.00000004.00000001.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        http://schemas.xmlsoap.org/ws/2004/04/security/sc/dkAppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpfalse
                          		high
                          https://duckduckgo.com/ac/?q=AppLaunch.exe, 0000000A.00000002.351383258.0000000006ECE000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.351328252.0000000006EB7000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350715517.0000000006DF6000.00000004.00000001.sdmpfalse
                            		high
                            http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinaryAppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpfalse
                              		high
                              http://tempuri.org/Entity/Id12ResponseAppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              http://tempuri.org/AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              http://tempuri.org/Entity/Id2ResponseAppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpfalse
                                		high
                                http://tempuri.org/Entity/Id21ResponseAppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350561310.0000000006D8B000.00000004.00000001.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_WrapAppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpfalse
                                  		high
                                  http://tempuri.org/Entity/Id9AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLIDAppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpfalse
                                    		high
                                    http://tempuri.org/Entity/Id8AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown
                                    http://tempuri.org/Entity/Id5AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown
                                    http://schemas.xmlsoap.org/ws/2004/10/wsat/PrepareAppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpfalse
                                      		high
                                      http://tempuri.org/Entity/Id4AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmpfalse
                                      • URL Reputation: safe
                                      		unknown
                                      http://tempuri.org/Entity/Id7AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmpfalse
                                      • URL Reputation: safe
                                      		unknown
                                      http://tempuri.org/Entity/Id6AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmpfalse
                                      • URL Reputation: safe
                                      		unknown
                                      http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecretAppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpfalse
                                        		high
                                        https://support.google.com/chrome/?p=plugin_realAppLaunch.exe, 0000000A.00000002.351614640.0000000006F8F000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350886277.0000000006E0C000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.351383258.0000000006ECE000.00000004.00000001.sdmpfalse
                                          		high
                                          http://tempuri.org/Entity/Id19ResponseAppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#licenseAppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpfalse
                                            		high
                                            http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/IssueAppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpfalse
                                              		high
                                              http://www.interoperabilitybridges.com/wmp-extension-for-chromeAppLaunch.exe, 0000000A.00000002.351614640.0000000006F8F000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350886277.0000000006E0C000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.351383258.0000000006ECE000.00000004.00000001.sdmpfalse
                                              • URL Reputation: safe
                                              		unknown
                                              http://schemas.xmlsoap.org/ws/2004/10/wsat/AbortedAppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpfalse
                                                		high
                                                http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequenceAppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmpfalse
                                                  		high
                                                  https://support.google.com/chrome/?p=plugin_pdfAppLaunch.exe, 0000000A.00000002.351614640.0000000006F8F000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350886277.0000000006E0C000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.351383258.0000000006ECE000.00000004.00000001.sdmpfalse
                                                    		high
                                                    http://schemas.xmlsoap.org/ws/2004/10/wsat/faultAppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpfalse
                                                      		high
                                                      http://schemas.xmlsoap.org/ws/2004/10/wsatAppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpfalse
                                                        		high
                                                        http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeyAppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpfalse
                                                          		high
                                                          http://tempuri.org/Entity/Id15ResponseAppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350561310.0000000006D8B000.00000004.00000001.sdmpfalse
                                                          • URL Reputation: safe
                                                          		unknown
                                                          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameAppLaunch.exe, 0000000A.00000002.350561310.0000000006D8B000.00000004.00000001.sdmpfalse
                                                            		high
                                                            http://forms.real.com/real/realone/download.html?type=rpsp_usAppLaunch.exe, 0000000A.00000002.351614640.0000000006F8F000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350886277.0000000006E0C000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.351383258.0000000006ECE000.00000004.00000001.sdmpfalse
                                                              		high
                                                              http://support.aAppLaunch.exe, 0000000A.00000002.351614640.0000000006F8F000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350886277.0000000006E0C000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.351383258.0000000006ECE000.00000004.00000001.sdmpfalse
                                                              • URL Reputation: safe
                                                              		unknown
                                                              http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/RenewAppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpfalse
                                                                		high
                                                                http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterAppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpfalse
                                                                  		high
                                                                  http://tempuri.org/Entity/Id6ResponseAppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350561310.0000000006D8B000.00000004.00000001.sdmpfalse
                                                                  • URL Reputation: safe
                                                                  		unknown
                                                                  http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKeyAppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpfalse
                                                                    		high
                                                                    https://api.ip.sb/ipOfficialKiddionsModMenuV0.8.7.exe, 00000001.00000002.292031662.00000000000C2000.00000004.00000001.sdmp, OfficialKiddionsModMenuV0.8.7.exe, 00000001.00000003.291666157.0000000003B12000.00000040.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.348909899.0000000000402000.00000020.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    		unknown
                                                                    http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exeAppLaunch.exe, 0000000A.00000002.351383258.0000000006ECE000.00000004.00000001.sdmpfalse
                                                                      		high
                                                                      https://support.google.com/chrome/?p=plugin_quicktimeAppLaunch.exe, 0000000A.00000002.351614640.0000000006F8F000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350886277.0000000006E0C000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.351383258.0000000006ECE000.00000004.00000001.sdmpfalse
                                                                        		high
                                                                        http://schemas.xmlsoap.org/ws/2004/04/scAppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpfalse
                                                                          		high
                                                                          http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PCAppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpfalse
                                                                            		high
                                                                            http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/CancelAppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpfalse
                                                                              		high
                                                                              http://tempuri.org/Entity/Id9ResponseAppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350561310.0000000006D8B000.00000004.00000001.sdmpfalse
                                                                              • URL Reputation: safe
                                                                              		unknown
                                                                              https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=AppLaunch.exe, 0000000A.00000002.351383258.0000000006ECE000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.351328252.0000000006EB7000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350715517.0000000006DF6000.00000004.00000001.sdmpfalse
                                                                                		high
                                                                                http://tempuri.org/Entity/Id20AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                		unknown
                                                                                http://tempuri.org/Entity/Id21AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350551346.0000000006D87000.00000004.00000001.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                		unknown
                                                                                http://tempuri.org/Entity/Id22AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                		unknown
                                                                                http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpfalse
                                                                                  		high
                                                                                  http://tempuri.org/Entity/Id23AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  		unknown
                                                                                  http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpfalse
                                                                                    		high
                                                                                    http://tempuri.org/Entity/Id24AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmpfalse
                                                                                    • URL Reputation: safe
                                                                                    		unknown
                                                                                    http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/IssueAppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpfalse
                                                                                      		high
                                                                                      http://tempuri.org/Entity/Id24ResponseAppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmpfalse
                                                                                      • URL Reputation: safe
                                                                                      		unknown
                                                                                      http://tempuri.org/Entity/Id1ResponseAppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpfalse
                                                                                      • URL Reputation: safe
                                                                                      		unknown
                                                                                      http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequestedAppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmpfalse
                                                                                        		high
                                                                                        http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnlyAppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpfalse
                                                                                          		high
                                                                                          http://schemas.xmlsoap.org/ws/2004/10/wsat/ReplayAppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpfalse
                                                                                            		high
                                                                                            http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnegoAppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpfalse
                                                                                              		high
                                                                                              http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64BinaryAppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpfalse
                                                                                                		high
                                                                                                http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PCAppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpfalse
                                                                                                  		high
                                                                                                  http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKeyAppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpfalse
                                                                                                    		high
                                                                                                    http://schemas.xmlsoap.org/ws/2004/08/addressingAppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmpfalse
                                                                                                      		high
                                                                                                      https://support.google.com/chrome/?p=plugin_shockwaveAppLaunch.exe, 0000000A.00000002.351383258.0000000006ECE000.00000004.00000001.sdmpfalse
                                                                                                        		high
                                                                                                        http://forms.reaAppLaunch.exe, 0000000A.00000002.351614640.0000000006F8F000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350886277.0000000006E0C000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.351383258.0000000006ECE000.00000004.00000001.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        		unknown
                                                                                                        http://schemas.xmlsoap.org/ws/2005/02/trust/RST/IssueAppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpfalse
                                                                                                          		high
                                                                                                          http://schemas.xmlsoap.org/ws/2004/10/wsat/CompletionAppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpfalse
                                                                                                            		high
                                                                                                            http://schemas.xmlsoap.org/ws/2004/04/trustAppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpfalse
                                                                                                              		high
                                                                                                              http://tempuri.org/Entity/Id10AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              		unknown
                                                                                                              http://tempuri.org/Entity/Id11AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              		unknown
                                                                                                              http://tempuri.org/Entity/Id12AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              		unknown
                                                                                                              http://tempuri.org/Entity/Id16ResponseAppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              		unknown
                                                                                                              http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponseAppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpfalse
                                                                                                                		high
                                                                                                                http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/CancelAppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpfalse
                                                                                                                  		high
                                                                                                                  http://tempuri.org/Entity/Id13AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmpfalse
                                                                                                                  • URL Reputation: safe
                                                                                                                  		unknown
                                                                                                                  http://tempuri.org/Entity/Id14AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmpfalse
                                                                                                                  • URL Reputation: safe
                                                                                                                  		unknown
                                                                                                                  http://tempuri.org/Entity/Id15AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmpfalse
                                                                                                                  • URL Reputation: safe
                                                                                                                  		unknown
                                                                                                                  http://tempuri.org/Entity/Id16AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmpfalse
                                                                                                                  • URL Reputation: safe
                                                                                                                  		unknown
                                                                                                                  http://schemas.xmlsoap.org/ws/2005/02/trust/NonceAppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpfalse
                                                                                                                    		high
                                                                                                                    http://tempuri.org/Entity/Id17AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmpfalse
                                                                                                                    • URL Reputation: safe
                                                                                                                    		unknown
                                                                                                                    http://tempuri.org/Entity/Id18AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmpfalse
                                                                                                                    • URL Reputation: safe
                                                                                                                    		unknown
                                                                                                                    http://tempuri.org/Entity/Id5ResponseAppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350561310.0000000006D8B000.00000004.00000001.sdmpfalse
                                                                                                                    • URL Reputation: safe
                                                                                                                    		unknown
                                                                                                                    http://tempuri.org/Entity/Id19AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmpfalse
                                                                                                                    • URL Reputation: safe
                                                                                                                    		unknown
                                                                                                                    http://schemas.xmlsoap.org/ws/2004/08/addressing/faultDAppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmpfalse
                                                                                                                      		high
                                                                                                                      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dnsAppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmpfalse
                                                                                                                        		high
                                                                                                                        http://tempuri.org/Entity/Id10ResponseAppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350561310.0000000006D8B000.00000004.00000001.sdmpfalse
                                                                                                                        • URL Reputation: safe
                                                                                                                        		unknown
                                                                                                                        http://schemas.xmlsoap.org/ws/2005/02/trust/RenewAppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpfalse
                                                                                                                          		high
                                                                                                                          http://tempuri.org/Entity/Id8ResponseAppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350561310.0000000006D8B000.00000004.00000001.sdmpfalse
                                                                                                                          • URL Reputation: safe
                                                                                                                          		unknown
                                                                                                                          https://support.google.com/chrome/?p=plugin_wmpAppLaunch.exe, 0000000A.00000002.351614640.0000000006F8F000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.350886277.0000000006E0C000.00000004.00000001.sdmp, AppLaunch.exe, 0000000A.00000002.351383258.0000000006ECE000.00000004.00000001.sdmpfalse
                                                                                                                            		high
                                                                                                                            http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKeyAppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpfalse
                                                                                                                              		high
                                                                                                                              http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0AppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpfalse
                                                                                                                                		high
                                                                                                                                http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionIDAppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpfalse
                                                                                                                                  		high
                                                                                                                                  https://support.google.com/chrome/answer/6258784AppLaunch.exe, 0000000A.00000002.351383258.0000000006ECE000.00000004.00000001.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCTAppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      http://schemas.xmlsoap.org/ws/2006/02/addressingidentityAppLaunch.exe, 0000000A.00000002.350492242.0000000006D10000.00000004.00000001.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        http://schemas.xmlsoap.org/soap/envelope/AppLaunch.exe, 0000000A.00000002.350441198.0000000006C81000.00000004.00000001.sdmpfalse
                                                                                                                                          		high

                                                                                                                                          Contacted IPs

                                                                                                                                          • No. of IPs < 25%
                                                                                                                                          • 25% < No. of IPs < 50%
                                                                                                                                          • 50% < No. of IPs < 75%
                                                                                                                                          • 75% < No. of IPs

                                                                                                                                          Public

                                                                                                                                          IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                          103.246.144.29
                                                                                                                                          		unknownCambodia
                                                                                                                                          		58447EMAXXTELECOMCOLTD-AS-APEmaxxTelecomCoLtdKHtrue

                                                                                                                                          General Information

                                                                                                                                          Joe Sandbox Version:34.0.0 Boulder Opal
                                                                                                                                          Analysis ID:546181
                                                                                                                                          Start date:29.12.2021
                                                                                                                                          Start time:08:50:28
                                                                                                                                          Joe Sandbox Product:CloudBasic
                                                                                                                                          Overall analysis duration:0h 7m 33s
                                                                                                                                          Hypervisor based Inspection enabled:false
                                                                                                                                          Report type:full
                                                                                                                                          Sample file name:OfficialKiddionsModMenuV0.8.7.exe
                                                                                                                                          Cookbook file name:default.jbs
                                                                                                                                          Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                                                                          Number of analysed new started processes analysed:24
                                                                                                                                          Number of new started drivers analysed:0
                                                                                                                                          Number of existing processes analysed:0
                                                                                                                                          Number of existing drivers analysed:0
                                                                                                                                          Number of injected processes analysed:0
                                                                                                                                          Technologies:
                                                                                                                                          • HCA enabled
                                                                                                                                          • EGA enabled
                                                                                                                                          • HDC enabled
                                                                                                                                          • AMSI enabled
                                                                                                                                          Analysis Mode:default
                                                                                                                                          Analysis stop reason:Timeout
                                                                                                                                          Detection:MAL
                                                                                                                                          Classification:mal100.troj.spyw.evad.winEXE@3/1@0/1
                                                                                                                                          EGA Information:Failed
                                                                                                                                          HDC Information:
                                                                                                                                          • Successful, ratio: 88.1% (good quality ratio 73.8%)
                                                                                                                                          • Quality average: 64.2%
                                                                                                                                          • Quality standard deviation: 34.1%
                                                                                                                                          HCA Information:
                                                                                                                                          • Successful, ratio: 87%
                                                                                                                                          • Number of executed functions: 196
                                                                                                                                          • Number of non-executed functions: 22
                                                                                                                                          Cookbook Comments:
                                                                                                                                          • Adjust boot time
                                                                                                                                          • Enable AMSI
                                                                                                                                          • Found application associated with file extension: .exe
                                                                                                                                          Warnings:
                                                                                                                                          Show All
                                                                                                                                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
                                                                                                                                          • Excluded IPs from analysis (whitelisted): 23.203.78.112
                                                                                                                                          • Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, wildcard.weather.microsoft.com.edgekey.net, tile-service.weather.microsoft.com, ctldl.windowsupdate.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, cdn.onenote.net, e15275.g.akamaiedge.net, arc.msn.com
                                                                                                                                          • Not all processes where analyzed, report is missing behavior information
                                                                                                                                          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                          • Report size getting too big, too many NtQueryValueKey calls found.

                                                                                                                                          Simulations

                                                                                                                                          Behavior and APIs

                                                                                                                                          TimeTypeDescription
                                                                                                                                          08:51:51API Interceptor17x Sleep call for process: AppLaunch.exe modified

                                                                                                                                          Joe Sandbox View / Context

                                                                                                                                          IPs

                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                          103.246.144.29Jxc9Byos8i.exeGet hashmaliciousBrowse
                                                                                                                                            Fortnite Hack Mod v1.4.exeGet hashmaliciousBrowse
                                                                                                                                              GenshinHack.exeGet hashmaliciousBrowse
                                                                                                                                                FgYKoqYPSF.exeGet hashmaliciousBrowse
                                                                                                                                                  957ed2e3e12649457ccc30d7c67b31d3362460c9aa1b3.exeGet hashmaliciousBrowse

                                                                                                                                                    Domains

                                                                                                                                                    No context

                                                                                                                                                    ASN

                                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                                    EMAXXTELECOMCOLTD-AS-APEmaxxTelecomCoLtdKHKiddion's Modest Menu v0.8.1.exeGet hashmaliciousBrowse
                                                                                                                                                    • 103.246.146.216
                                                                                                                                                    8hKHnoXi7o.exeGet hashmaliciousBrowse
                                                                                                                                                    • 103.246.146.48
                                                                                                                                                    Jxc9Byos8i.exeGet hashmaliciousBrowse
                                                                                                                                                    • 103.246.144.29
                                                                                                                                                    SecuriteInfo.com.Trojan.Siggen15.58239.16303.exeGet hashmaliciousBrowse
                                                                                                                                                    • 103.246.145.110
                                                                                                                                                    SecuriteInfo.com.Trojan.PWS.Steam.21709.26420.exeGet hashmaliciousBrowse
                                                                                                                                                    • 103.246.145.110
                                                                                                                                                    Fortnite Hack Mod v1.4.exeGet hashmaliciousBrowse
                                                                                                                                                    • 103.246.144.29
                                                                                                                                                    GenshinHack.exeGet hashmaliciousBrowse
                                                                                                                                                    • 103.246.144.29
                                                                                                                                                    FgYKoqYPSF.exeGet hashmaliciousBrowse
                                                                                                                                                    • 103.246.144.29
                                                                                                                                                    Vc90gP8W1bGet hashmaliciousBrowse
                                                                                                                                                    • 103.246.145.79
                                                                                                                                                    957ed2e3e12649457ccc30d7c67b31d3362460c9aa1b3.exeGet hashmaliciousBrowse
                                                                                                                                                    • 103.246.144.29
                                                                                                                                                    XQ8DZQMku6.exeGet hashmaliciousBrowse
                                                                                                                                                    • 103.246.146.160
                                                                                                                                                    Cheat v 3.2.exeGet hashmaliciousBrowse
                                                                                                                                                    • 103.246.145.160
                                                                                                                                                    PXi9kuO7kJ.exeGet hashmaliciousBrowse
                                                                                                                                                    • 103.246.144.89
                                                                                                                                                    yGYZvqJ1bd.exeGet hashmaliciousBrowse
                                                                                                                                                    • 103.246.144.69
                                                                                                                                                    fQ2NmaZhgK.exeGet hashmaliciousBrowse
                                                                                                                                                    • 103.246.146.247
                                                                                                                                                    03r2Ylx12g.exeGet hashmaliciousBrowse
                                                                                                                                                    • 103.246.146.46
                                                                                                                                                    6c9g4NyLcP.exeGet hashmaliciousBrowse
                                                                                                                                                    • 103.246.146.46
                                                                                                                                                    setup.exeGet hashmaliciousBrowse
                                                                                                                                                    • 103.246.146.46
                                                                                                                                                    setup.exeGet hashmaliciousBrowse
                                                                                                                                                    • 103.246.146.46
                                                                                                                                                    Q2DeP4hhM5.exeGet hashmaliciousBrowse
                                                                                                                                                    • 103.246.147.66

                                                                                                                                                    JA3 Fingerprints

                                                                                                                                                    No context

                                                                                                                                                    Dropped Files

                                                                                                                                                    No context

                                                                                                                                                    Created / dropped Files

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\AppLaunch.exe.log
                                                                                                                                                    Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):2291
                                                                                                                                                    Entropy (8bit):5.3192079301865585
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:MOfHK5HKXAHKhBHKdHKB1AHKzvQTHmYHKhQnoPtHoxHImHKAHK1HxLHG1qHqH5HX:vq5qXAqLqdqUqzcGYqhQnoPtIxHbqAqG
                                                                                                                                                    MD5:174E563C986AB09114A6F31F870A6E13
                                                                                                                                                    SHA1:F68EFDC04D0559B24C448E629A0115F2E6C3B39D
                                                                                                                                                    SHA-256:465C8001CEFD747AF8A94EDD62CC829D8DFF4D6BED174591DA0B71E10FDC584F
                                                                                                                                                    SHA-512:252A2B615BB7BB4223F0873F41CC7C4BC6576172CD704DD93926E004CD5795CA5DC2DE3332586BF3C44E0B564148A7661563C00B204649C7A5594C097C1E9ECE
                                                                                                                                                    Malicious:false
                                                                                                                                                    Reputation:moderate, very likely benign file
                                                                                                                                                    Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"SMDiagnostics, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..2,"System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System.Runtime.Serialization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\34957343ad5d84daee97a1affda91665\System.Runtime.Serialization.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21e8e2b95c\System.Xml.ni.dll",0..2,"System.ServiceModel.Internals, Version=4.0.0.0, Culture=

                                                                                                                                                    Static File Info

                                                                                                                                                    General

                                                                                                                                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                    Entropy (8bit):7.999073227693366
                                                                                                                                                    TrID:
                                                                                                                                                    • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                    • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                    File name:OfficialKiddionsModMenuV0.8.7.exe
                                                                                                                                                    File size:4397056
                                                                                                                                                    MD5:7de3896baf12500f3e1cd311e2340806
                                                                                                                                                    SHA1:500b906981aaa4810848643f1d8c17efa87bad20
                                                                                                                                                    SHA256:213fce24e326925749adebaff2d85e23bba2b616c872e2089b23fa231f18756e
                                                                                                                                                    SHA512:d08cf4dcb3170f4654ef7121078b2c902285732dc3b2292d1a1e9d576f639050c98c08e8d1391b1bfa46f313bb9b8840968b86077d5e52f49e882994f13abef1
                                                                                                                                                    SSDEEP:98304:xmAM03cGX50EXFEACRwiGbJ3hjOQxsaS3XnLUBzEydzEI:xBM03c+0ACRZGNBdONXe5
                                                                                                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....a.a................. ...................@....@...........................n.......C....................................

                                                                                                                                                    File Icon

                                                                                                                                                    Icon Hash:00828e8e8686b000

                                                                                                                                                    Static PE Info

                                                                                                                                                    General

                                                                                                                                                    Entrypoint:0x401000
                                                                                                                                                    Entrypoint Section:
                                                                                                                                                    Digitally signed:false
                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                    Subsystem:windows gui
                                                                                                                                                    Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED
                                                                                                                                                    DLL Characteristics:TERMINAL_SERVER_AWARE, NX_COMPAT
                                                                                                                                                    Time Stamp:0x61CB6117 [Tue Dec 28 19:10:15 2021 UTC]
                                                                                                                                                    TLS Callbacks:
                                                                                                                                                    CLR (.Net) Version:
                                                                                                                                                    OS Version Major:6
                                                                                                                                                    OS Version Minor:0
                                                                                                                                                    File Version Major:6
                                                                                                                                                    File Version Minor:0
                                                                                                                                                    Subsystem Version Major:6
                                                                                                                                                    Subsystem Version Minor:0
                                                                                                                                                    Import Hash:9a4258c5d218cf6e5c500e8415d5f5ed

                                                                                                                                                    Entrypoint Preview

                                                                                                                                                    Instruction
                                                                                                                                                    push 00A9E001h
                                                                                                                                                    call 00007F928879CFB6h
                                                                                                                                                    ret
                                                                                                                                                    ret
                                                                                                                                                    js 00007F928879D003h
                                                                                                                                                    sbb eax, B4729368h
                                                                                                                                                    pop edi
                                                                                                                                                    jecxz 00007F928879CF38h
                                                                                                                                                    jl 00007F928879CF9Ch
                                                                                                                                                    pushad
                                                                                                                                                    fdivr dword ptr [ecx]
                                                                                                                                                    mov dword ptr [esi-19286F1Bh], edi
                                                                                                                                                    xchg eax, ecx
                                                                                                                                                    push ebp
                                                                                                                                                    daa
                                                                                                                                                    and esp, dword ptr [esi+5517E0F3h]
                                                                                                                                                    and bh, byte ptr [edi]
                                                                                                                                                    and dword ptr [esi], eax
                                                                                                                                                    adc dword ptr [esi+03h], ebx
                                                                                                                                                    shr ebx, cl
                                                                                                                                                    push ss
                                                                                                                                                    salc
                                                                                                                                                    pushad
                                                                                                                                                    inc ebp
                                                                                                                                                    outsd
                                                                                                                                                    push ds
                                                                                                                                                    out A0h, al
                                                                                                                                                    into
                                                                                                                                                    jno 00007F928879CFC7h
                                                                                                                                                    pop ss
                                                                                                                                                    cmc
                                                                                                                                                    pop edi

                                                                                                                                                    Data Directories

                                                                                                                                                    NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_IMPORT0x69ec7c0x19c.yke1AWY
                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_RESOURCE0x69d0000x1d5.rsrc
                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x100000

                                                                                                                                                    Sections

                                                                                                                                                    NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                    0x10000x220000x11400False1.00043874547data7.99788481833IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                                                                                                                    0x230000x47c0x0False0empty0.0IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                                                                                                                    0x240000xf0000x7a00False1.00051229508data7.9951936828IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                                                                                                                    0x330000x20000x400False1.0107421875data7.79914503297IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                                                                                                                    0x350000x26c1d50x0unknownunknownunknownunknownIMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                                                                                                                    0x2a20000x3fb0000x3cd400unknownunknownunknownunknownIMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                                                                                                                    .rsrc0x69d0000x10000x200False0.9453125data6.95928882324IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                                                                                                                    .yke1AWY0x69e0000x4b0000x4ac00False0.98668412939data7.91755317496IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                                                                                                                    .adata0x6e90000x10000x0False0empty0.0IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ

                                                                                                                                                    Resources

                                                                                                                                                    NameRVASizeTypeLanguageCountry
                                                                                                                                                    RT_MANIFEST0x69ee180x17dXML 1.0 document textEnglishUnited States

                                                                                                                                                    Imports

                                                                                                                                                    DLLImport
                                                                                                                                                    kernel32.dllGetProcAddress, GetModuleHandleA, LoadLibraryA
                                                                                                                                                    user32.dllSendNotifyMessageA
                                                                                                                                                    wtsapi32.dllWTSSendMessageW
                                                                                                                                                    user32.dllGetProcessWindowStation
                                                                                                                                                    user32.dllGetProcessWindowStation
                                                                                                                                                    oleaut32.dllVariantChangeTypeEx
                                                                                                                                                    kernel32.dllRaiseException

                                                                                                                                                    Possible Origin

                                                                                                                                                    Language of compilation systemCountry where language is spokenMap
                                                                                                                                                    EnglishUnited States

                                                                                                                                                    Network Behavior

                                                                                                                                                    Network Port Distribution

                                                                                                                                                    TCP Packets

                                                                                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                    Dec 29, 2021 08:51:36.571156025 CET4974644301192.168.2.3103.246.144.29
                                                                                                                                                    Dec 29, 2021 08:51:36.597944021 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:36.598120928 CET4974644301192.168.2.3103.246.144.29
                                                                                                                                                    Dec 29, 2021 08:51:36.912719011 CET4974644301192.168.2.3103.246.144.29
                                                                                                                                                    Dec 29, 2021 08:51:36.943679094 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:36.999392986 CET4974644301192.168.2.3103.246.144.29
                                                                                                                                                    Dec 29, 2021 08:51:38.447905064 CET4974644301192.168.2.3103.246.144.29
                                                                                                                                                    Dec 29, 2021 08:51:38.475564957 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:38.530684948 CET4974644301192.168.2.3103.246.144.29
                                                                                                                                                    Dec 29, 2021 08:51:45.947582006 CET4974644301192.168.2.3103.246.144.29
                                                                                                                                                    Dec 29, 2021 08:51:45.982111931 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:45.982182026 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:45.982230902 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:45.982285023 CET4974644301192.168.2.3103.246.144.29
                                                                                                                                                    Dec 29, 2021 08:51:46.031198978 CET4974644301192.168.2.3103.246.144.29
                                                                                                                                                    Dec 29, 2021 08:51:49.412308931 CET4974644301192.168.2.3103.246.144.29
                                                                                                                                                    Dec 29, 2021 08:51:49.490027905 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:49.545097113 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:49.564868927 CET4974644301192.168.2.3103.246.144.29
                                                                                                                                                    Dec 29, 2021 08:51:49.593951941 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:49.637119055 CET4974644301192.168.2.3103.246.144.29
                                                                                                                                                    Dec 29, 2021 08:51:49.664072990 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:49.664133072 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:49.666006088 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:49.718990088 CET4974644301192.168.2.3103.246.144.29
                                                                                                                                                    Dec 29, 2021 08:51:49.814471006 CET4974644301192.168.2.3103.246.144.29
                                                                                                                                                    Dec 29, 2021 08:51:49.842281103 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:49.843413115 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:49.890883923 CET4974644301192.168.2.3103.246.144.29
                                                                                                                                                    Dec 29, 2021 08:51:50.006309032 CET4974644301192.168.2.3103.246.144.29
                                                                                                                                                    Dec 29, 2021 08:51:50.034548998 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:50.075628996 CET4974644301192.168.2.3103.246.144.29
                                                                                                                                                    Dec 29, 2021 08:51:50.102291107 CET4974644301192.168.2.3103.246.144.29
                                                                                                                                                    Dec 29, 2021 08:51:50.131640911 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:50.154380083 CET4974644301192.168.2.3103.246.144.29
                                                                                                                                                    Dec 29, 2021 08:51:50.183568001 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:50.202549934 CET4974644301192.168.2.3103.246.144.29
                                                                                                                                                    Dec 29, 2021 08:51:50.230156898 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:50.281553984 CET4974644301192.168.2.3103.246.144.29
                                                                                                                                                    Dec 29, 2021 08:51:50.660599947 CET4974644301192.168.2.3103.246.144.29
                                                                                                                                                    Dec 29, 2021 08:51:50.688788891 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:50.734721899 CET4974644301192.168.2.3103.246.144.29
                                                                                                                                                    Dec 29, 2021 08:51:50.830621958 CET4974644301192.168.2.3103.246.144.29
                                                                                                                                                    Dec 29, 2021 08:51:50.858542919 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:50.906598091 CET4974644301192.168.2.3103.246.144.29
                                                                                                                                                    Dec 29, 2021 08:51:51.872104883 CET4974644301192.168.2.3103.246.144.29
                                                                                                                                                    Dec 29, 2021 08:51:51.905642986 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:51.953699112 CET4974644301192.168.2.3103.246.144.29
                                                                                                                                                    Dec 29, 2021 08:51:51.961874008 CET4974644301192.168.2.3103.246.144.29
                                                                                                                                                    Dec 29, 2021 08:51:51.991065979 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.031763077 CET4974644301192.168.2.3103.246.144.29
                                                                                                                                                    Dec 29, 2021 08:51:52.538160086 CET4974644301192.168.2.3103.246.144.29
                                                                                                                                                    Dec 29, 2021 08:51:52.564951897 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.564985991 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.565011024 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.565035105 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.565084934 CET4974644301192.168.2.3103.246.144.29
                                                                                                                                                    Dec 29, 2021 08:51:52.565154076 CET4974644301192.168.2.3103.246.144.29
                                                                                                                                                    Dec 29, 2021 08:51:52.565172911 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.565185070 CET4974644301192.168.2.3103.246.144.29
                                                                                                                                                    Dec 29, 2021 08:51:52.565201044 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.565257072 CET4974644301192.168.2.3103.246.144.29
                                                                                                                                                    Dec 29, 2021 08:51:52.565284014 CET4974644301192.168.2.3103.246.144.29
                                                                                                                                                    Dec 29, 2021 08:51:52.565335989 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.565362930 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.565423965 CET4974644301192.168.2.3103.246.144.29
                                                                                                                                                    Dec 29, 2021 08:51:52.565454006 CET4974644301192.168.2.3103.246.144.29
                                                                                                                                                    Dec 29, 2021 08:51:52.565692902 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.565761089 CET4974644301192.168.2.3103.246.144.29
                                                                                                                                                    Dec 29, 2021 08:51:52.593914986 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.593939066 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.593949080 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.593959093 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.593974113 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.593985081 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.593998909 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.594011068 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.594024897 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.594036102 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.594050884 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.594062090 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.594077110 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.594086885 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.594103098 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.594114065 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.594187021 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.594204903 CET4974644301192.168.2.3103.246.144.29
                                                                                                                                                    Dec 29, 2021 08:51:52.594295025 CET4974644301192.168.2.3103.246.144.29
                                                                                                                                                    Dec 29, 2021 08:51:52.594300985 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.594491005 CET4974644301192.168.2.3103.246.144.29
                                                                                                                                                    Dec 29, 2021 08:51:52.594563007 CET4974644301192.168.2.3103.246.144.29
                                                                                                                                                    Dec 29, 2021 08:51:52.628158092 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.628528118 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.628705025 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.628916025 CET4974644301192.168.2.3103.246.144.29
                                                                                                                                                    Dec 29, 2021 08:51:52.657891989 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.657917023 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.657934904 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.657952070 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.657993078 CET4974644301192.168.2.3103.246.144.29
                                                                                                                                                    Dec 29, 2021 08:51:52.658087969 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.658106089 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.658122063 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.658139944 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.658157110 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.658174992 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.658191919 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.658207893 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.703483105 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.703774929 CET4974644301192.168.2.3103.246.144.29
                                                                                                                                                    Dec 29, 2021 08:51:52.703867912 CET4974644301192.168.2.3103.246.144.29
                                                                                                                                                    Dec 29, 2021 08:51:52.703891993 CET4974644301192.168.2.3103.246.144.29
                                                                                                                                                    Dec 29, 2021 08:51:52.731993914 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.732019901 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.732125044 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.733083010 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.733378887 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.733449936 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.733499050 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.733583927 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.733637094 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.733716965 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.733937025 CET4974644301192.168.2.3103.246.144.29
                                                                                                                                                    Dec 29, 2021 08:51:52.734024048 CET4974644301192.168.2.3103.246.144.29
                                                                                                                                                    Dec 29, 2021 08:51:52.734074116 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.734210968 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.734277010 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.734605074 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.734663010 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.734708071 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.734802961 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.734878063 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.735033035 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.735074997 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.735479116 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.735492945 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.735568047 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.735975981 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.735991001 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.736083984 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.736326933 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.737231016 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.737615108 CET4974644301192.168.2.3103.246.144.29
                                                                                                                                                    Dec 29, 2021 08:51:52.737696886 CET4974644301192.168.2.3103.246.144.29
                                                                                                                                                    Dec 29, 2021 08:51:52.762274981 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.762669086 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.763056993 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.763330936 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.764303923 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.764319897 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.764331102 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.764345884 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.764889956 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.764906883 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.764915943 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.765985966 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.766005039 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.766019106 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.766035080 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.766050100 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.766455889 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.766470909 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.766482115 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.766496897 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.766505957 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.766580105 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.766598940 CET4974644301192.168.2.3103.246.144.29
                                                                                                                                                    Dec 29, 2021 08:51:52.766679049 CET4974644301192.168.2.3103.246.144.29
                                                                                                                                                    Dec 29, 2021 08:51:52.766814947 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.766830921 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.766848087 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.766891003 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.766977072 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.767178059 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.767193079 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.767256021 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.767571926 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.767587900 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.767759085 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.767796993 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.768121958 CET4974644301192.168.2.3103.246.144.29
                                                                                                                                                    Dec 29, 2021 08:51:52.768177032 CET4974644301192.168.2.3103.246.144.29
                                                                                                                                                    Dec 29, 2021 08:51:52.768675089 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.795085907 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.795109034 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.795124054 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.795139074 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.795176029 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.795413017 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.795473099 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.795545101 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.795559883 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.795656919 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.795876026 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.795896053 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.796031952 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.796044111 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.796145916 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.796262980 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.796307087 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.796387911 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.796525955 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.796535969 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.796642065 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.796902895 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.796916008 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.796986103 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.797029018 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.797082901 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.797168016 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.797178984 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.797276020 CET4974644301192.168.2.3103.246.144.29
                                                                                                                                                    Dec 29, 2021 08:51:52.797295094 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.797348976 CET4974644301192.168.2.3103.246.144.29
                                                                                                                                                    Dec 29, 2021 08:51:52.797411919 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.797429085 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.797575951 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.797620058 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.797667027 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.797760963 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.797775984 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.797904015 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.797933102 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.798008919 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.798108101 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.798121929 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.798136950 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.798338890 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.798396111 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.798435926 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.798500061 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.798688889 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.798820972 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.798871994 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.798981905 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.799336910 CET4974644301192.168.2.3103.246.144.29
                                                                                                                                                    Dec 29, 2021 08:51:52.799427032 CET4974644301192.168.2.3103.246.144.29
                                                                                                                                                    Dec 29, 2021 08:51:52.825366974 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.825611115 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.825674057 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.825685024 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.825758934 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.825829983 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.825958014 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.825977087 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.826105118 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.826189041 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.826313972 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.826390028 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.826513052 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.826642990 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.826653957 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.826772928 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.826894045 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.827037096 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.827111959 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.827353954 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.827759027 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.827797890 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.827809095 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.827887058 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.827969074 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.828067064 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.828114033 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.828212023 CET4974644301192.168.2.3103.246.144.29
                                                                                                                                                    Dec 29, 2021 08:51:52.828311920 CET4974644301192.168.2.3103.246.144.29
                                                                                                                                                    Dec 29, 2021 08:51:52.828330994 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.828349113 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.828416109 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.828500986 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.828675032 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.828748941 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.828788042 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.828891993 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.828995943 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.829099894 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.829186916 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.829296112 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.829427958 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.829511881 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.829602003 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.829961061 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.831495047 CET4974644301192.168.2.3103.246.144.29
                                                                                                                                                    Dec 29, 2021 08:51:52.855146885 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.855180979 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.855623960 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.855638981 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.855760098 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.855866909 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.856021881 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.856812000 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.856920004 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.856995106 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.857084036 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.858187914 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.858210087 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.858324051 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.858361006 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.858525991 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.858645916 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.858724117 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.858843088 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.858922005 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.858999968 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.859087944 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.859159946 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.860923052 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.861010075 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.869796991 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.872092962 CET4974644301192.168.2.3103.246.144.29
                                                                                                                                                    Dec 29, 2021 08:51:52.902230024 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.902683020 CET4974644301192.168.2.3103.246.144.29
                                                                                                                                                    Dec 29, 2021 08:51:52.930396080 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:52.932145119 CET4974644301192.168.2.3103.246.144.29
                                                                                                                                                    Dec 29, 2021 08:51:52.971900940 CET4430149746103.246.144.29192.168.2.3
                                                                                                                                                    Dec 29, 2021 08:51:53.016190052 CET4974644301192.168.2.3103.246.144.29
                                                                                                                                                    Dec 29, 2021 08:51:53.407376051 CET4974644301192.168.2.3103.246.144.29

                                                                                                                                                    Code Manipulations

                                                                                                                                                    Statistics

                                                                                                                                                    CPU Usage

                                                                                                                                                    Click to jump to process

                                                                                                                                                    Memory Usage

                                                                                                                                                    Click to jump to process

                                                                                                                                                    High Level Behavior Distribution

                                                                                                                                                    Click to dive into process behavior distribution

                                                                                                                                                    Behavior

                                                                                                                                                    Click to jump to process

                                                                                                                                                    System Behavior

                                                                                                                                                    Analysis Process: OfficialKiddionsModMenuV0.8.7.exe PID: 7072 Parent PID: 3608

                                                                                                                                                    General

                                                                                                                                                    Start time:08:51:22
                                                                                                                                                    Start date:29/12/2021
                                                                                                                                                    Path:C:\Users\user\Desktop\OfficialKiddionsModMenuV0.8.7.exe
                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                    Commandline:"C:\Users\user\Desktop\OfficialKiddionsModMenuV0.8.7.exe"
                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                    File size:4397056 bytes
                                                                                                                                                    MD5 hash:7DE3896BAF12500F3E1CD311E2340806
                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                    Programmed in:Borland Delphi
                                                                                                                                                    Yara matches:
                                                                                                                                                    • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000001.00000002.292031662.00000000000C2000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                                    • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000001.00000003.291666157.0000000003B12000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                    Reputation:low

                                                                                                                                                    Chronological Activities

                                                                                                                                                    Analysis Process: AppLaunch.exe PID: 6652 Parent PID: 7072

                                                                                                                                                    General

                                                                                                                                                    Start time:08:51:26
                                                                                                                                                    Start date:29/12/2021
                                                                                                                                                    Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                    Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                                                                                                                    Imagebase:0x2b0000
                                                                                                                                                    File size:98912 bytes
                                                                                                                                                    MD5 hash:6807F903AC06FF7E1670181378690B22
                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                    Programmed in:.Net C# or VB.NET
                                                                                                                                                    Yara matches:
                                                                                                                                                    • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000000A.00000002.348909899.0000000000402000.00000020.00000001.sdmp, Author: Joe Security
                                                                                                                                                    Reputation:moderate

                                                                                                                                                    Chronological Activities

                                                                                                                                                    Disassembly

                                                                                                                                                    Code Analysis

                                                                                                                                                    Reset < >

                                                                                                                                                      Analysis Process: OfficialKiddionsModMenuV0.8.7.exe PID: 7072 Parent PID: 3608 OfficialKiddionsModMenuV0.8.7.exeCOMMON

                                                                                                                                                      Executed Functions

                                                                                                                                                      Non-executed Functions

                                                                                                                                                      Function 02A6C67B, Relevance: 3.9, Strings: 3, Instructions: 157COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000001.00000003.283191671.0000000002A6C000.00000004.00000001.sdmp, Offset: 02A6C000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: "R@$|mE$>D
                                                                                                                                                      • API String ID: 0-1509467082
                                                                                                                                                      • Opcode ID: 2a0d3b76915d3011a7ee2aa3d38fa53d4d475339688b6b1ba8cd8ae216e03d83
                                                                                                                                                      • Instruction ID: 0f51761b1ae1f8b200e66ee1cfdae8151771f51e8baef96298f7098c5f8be105
                                                                                                                                                      • Opcode Fuzzy Hash: 2a0d3b76915d3011a7ee2aa3d38fa53d4d475339688b6b1ba8cd8ae216e03d83
                                                                                                                                                      • Instruction Fuzzy Hash: F5413272508101DB8208C934CD8C8BB7BB3ABD9274B58CB2BF0978A5A8DB34D546C689
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 02A6C68A, Relevance: 3.9, Strings: 3, Instructions: 149COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000001.00000003.283191671.0000000002A6C000.00000004.00000001.sdmp, Offset: 02A6C000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: "R@$|mE$>D
                                                                                                                                                      • API String ID: 0-1509467082
                                                                                                                                                      • Opcode ID: 635fbe85012d6e8e6b8560de81709f2a0d06412565953d7b6b40cea0800aa47e
                                                                                                                                                      • Instruction ID: fdff007fca670b85171ad922457d418b9d3319bd7748e7afdaa32d0453051d4a
                                                                                                                                                      • Opcode Fuzzy Hash: 635fbe85012d6e8e6b8560de81709f2a0d06412565953d7b6b40cea0800aa47e
                                                                                                                                                      • Instruction Fuzzy Hash: 1D4124B2508101DB9208C934CD4C87B7BB7ABD9270B58CB2BF497CA5E8DB34E546C689
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 02A6C69D, Relevance: 3.9, Strings: 3, Instructions: 142COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000001.00000003.283191671.0000000002A6C000.00000004.00000001.sdmp, Offset: 02A6C000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: "R@$|mE$>D
                                                                                                                                                      • API String ID: 0-1509467082
                                                                                                                                                      • Opcode ID: 6c6851a965e43631fbe97cb902f8d78c421bfea797aaa71187e139d92a25a307
                                                                                                                                                      • Instruction ID: 6b2d1383bad4e26bd1a14e6003be7fe29289f3b98580ae4765b8e0851382e4bb
                                                                                                                                                      • Opcode Fuzzy Hash: 6c6851a965e43631fbe97cb902f8d78c421bfea797aaa71187e139d92a25a307
                                                                                                                                                      • Instruction Fuzzy Hash: D9413672508101DB9208C934CD4C87B77B39BD92B0B58CB2BF497CA5A8DB34E546C685
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 02A6C6A4, Relevance: 3.9, Strings: 3, Instructions: 140COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000001.00000003.283191671.0000000002A6C000.00000004.00000001.sdmp, Offset: 02A6C000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: "R@$|mE$>D
                                                                                                                                                      • API String ID: 0-1509467082
                                                                                                                                                      • Opcode ID: 77609fa63fd9ce96cca0038557752bbe26fb43fd28fe501425fd160bb20b00f2
                                                                                                                                                      • Instruction ID: 263112e69075004a04072258248624593d8408180d005b25aa6be7f08e9e618b
                                                                                                                                                      • Opcode Fuzzy Hash: 77609fa63fd9ce96cca0038557752bbe26fb43fd28fe501425fd160bb20b00f2
                                                                                                                                                      • Instruction Fuzzy Hash: 9E412572508101DB8248C934DD8C8BB77B7ABD92B0B58CB2BF497CB5A8DB34E546C685
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 02A6C6B3, Relevance: 3.9, Strings: 3, Instructions: 137COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000001.00000003.283191671.0000000002A6C000.00000004.00000001.sdmp, Offset: 02A6C000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: "R@$|mE$>D
                                                                                                                                                      • API String ID: 0-1509467082
                                                                                                                                                      • Opcode ID: 0fe8d24a127855f6aa1839698240bd759d68be425f4dee73f66681e52654dec9
                                                                                                                                                      • Instruction ID: 498f1a171f14e0174423621a7cd0d2fdd5a2f68e7ed10b694395526696f792e8
                                                                                                                                                      • Opcode Fuzzy Hash: 0fe8d24a127855f6aa1839698240bd759d68be425f4dee73f66681e52654dec9
                                                                                                                                                      • Instruction Fuzzy Hash: 9E412672518101DF8208C934DD8C8BB77B7ABD9270B58CB2BF4878B5A8DB34E546C685
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 02A6C6DB, Relevance: 3.9, Strings: 3, Instructions: 125COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000001.00000003.283191671.0000000002A6C000.00000004.00000001.sdmp, Offset: 02A6C000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: "R@$|mE$>D
                                                                                                                                                      • API String ID: 0-1509467082
                                                                                                                                                      • Opcode ID: a92894088b107ab49866067542a9095f8767af55c2fa78828a7457494aa0a585
                                                                                                                                                      • Instruction ID: aedfa2ab224d2cb5dfb48cf0cbdbeff6d23f0fa66f51de3daa764f4b06b18873
                                                                                                                                                      • Opcode Fuzzy Hash: a92894088b107ab49866067542a9095f8767af55c2fa78828a7457494aa0a585
                                                                                                                                                      • Instruction Fuzzy Hash: A7312672618101DB9248C934DD4C8BB7BB3DBD9270B58CB2FE0868B5A8DB34E546C685
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 02A6C6F0, Relevance: 3.9, Strings: 3, Instructions: 120COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000001.00000003.283191671.0000000002A6C000.00000004.00000001.sdmp, Offset: 02A6C000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: "R@$|mE$>D
                                                                                                                                                      • API String ID: 0-1509467082
                                                                                                                                                      • Opcode ID: dca083e4c54bc1d895935cf8e032ac5119c32c6c402de80eda3470e73d085662
                                                                                                                                                      • Instruction ID: 2a64f90e9dc5a6fd6c7585c9f8820bb0995c840a9010aa1cfb9c6d664a1c1780
                                                                                                                                                      • Opcode Fuzzy Hash: dca083e4c54bc1d895935cf8e032ac5119c32c6c402de80eda3470e73d085662
                                                                                                                                                      • Instruction Fuzzy Hash: 7A312972618101DB4248C934DD5C87B7BB7DBD9270B58C72FE087CB594DB34A546C685
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 02A6C709, Relevance: 3.9, Strings: 3, Instructions: 111COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000001.00000003.283191671.0000000002A6C000.00000004.00000001.sdmp, Offset: 02A6C000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: "R@$|mE$>D
                                                                                                                                                      • API String ID: 0-1509467082
                                                                                                                                                      • Opcode ID: da90f05abbe26e508f21599d37d508fbc53bc6d0e90393ffab5869c4803e2b42
                                                                                                                                                      • Instruction ID: 815177a762a83803c6442607e3642f1152ffc15942b6a6e6cd0de859a0419dd5
                                                                                                                                                      • Opcode Fuzzy Hash: da90f05abbe26e508f21599d37d508fbc53bc6d0e90393ffab5869c4803e2b42
                                                                                                                                                      • Instruction Fuzzy Hash: 63315873608101DB8248CD34DD9C8BB7BB7EBD9374B54C63FE0868A5A4DB34A546C685
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 02A6C718, Relevance: 3.9, Strings: 3, Instructions: 109COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000001.00000003.283191671.0000000002A6C000.00000004.00000001.sdmp, Offset: 02A6C000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: "R@$|mE$>D
                                                                                                                                                      • API String ID: 0-1509467082
                                                                                                                                                      • Opcode ID: 81d477a00ce4460cf9f4711f216dc5d3d8e4414dd64ac95ef8bd759bee74f23a
                                                                                                                                                      • Instruction ID: f42859e42def78cd11c35f3eff38ef39c87042b2bf79f39d4d4d71e9809c6774
                                                                                                                                                      • Opcode Fuzzy Hash: 81d477a00ce4460cf9f4711f216dc5d3d8e4414dd64ac95ef8bd759bee74f23a
                                                                                                                                                      • Instruction Fuzzy Hash: 74315773608101DB9248C934DD5C8BB7BB7DBD9274B54CB3FE086CA5A8DB34E546C289
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 02A6C728, Relevance: 3.9, Strings: 3, Instructions: 103COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000001.00000003.283191671.0000000002A6C000.00000004.00000001.sdmp, Offset: 02A6C000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: "R@$|mE$>D
                                                                                                                                                      • API String ID: 0-1509467082
                                                                                                                                                      • Opcode ID: 510ced9700cf18e3ff7cec95e1fa8197ddbdd6c9f6bc39f1cb734fcaf652fb18
                                                                                                                                                      • Instruction ID: f395b8f021a7a9cb063a49186f8e59d2efe0173bf0a002934ca114589d6fdedf
                                                                                                                                                      • Opcode Fuzzy Hash: 510ced9700cf18e3ff7cec95e1fa8197ddbdd6c9f6bc39f1cb734fcaf652fb18
                                                                                                                                                      • Instruction Fuzzy Hash: 45316773608101DB9248C934DD4C9BB7BB7DBD9370B54C63FE0868A6A8DF34E546C289
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 00409360, Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 132COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      C-Code - Quality: 50%
                                                                                                                                                      			E00409360(intOrPtr __eax, void* __ebx, void* __edi, void* __esi, void* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				signed int _v12;
				char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				char _t52;
				signed int _t59;
				intOrPtr _t60;
				void* _t61;
				intOrPtr* _t62;
				intOrPtr _t64;
				intOrPtr _t67;
				intOrPtr* _t75;
				intOrPtr _t76;
				intOrPtr _t78;
				signed int _t80;
				char _t82;
				intOrPtr _t94;
				intOrPtr _t97;
				intOrPtr* _t99;
				void* _t100;
				void* _t103;
				void* _t105;
				void* _t112;

				_t75 = _a4;
				_v5 = 0;
				_v16 = 1;
				0x422252( *_t75, __edi, __esi, __ebx, _t100);
				 *_t75 = __eax;
				_t76 = _a8;
				_t6 = _t76 + 0x10; // 0x11
				_t97 = _t6;
				_push(_t97);
				_v20 = _t97;
				_v12 =  *(_t76 + 8) ^  *0x43302c;
				E00409320( *(_t76 + 8) ^  *0x43302c);
				E0040A3EC(_a12);
				_t52 = _a4;
				_t105 = _t103 - 0x1c + 0x10;
				_t94 =  *((intOrPtr*)(_t76 + 0xc));
				if(( *(_t52 + 4) & 0x00000066) != 0) {
					__eflags = _t94 - 0xfffffffe;
					if(_t94 != 0xfffffffe) {
						E0040A570(_t76, 0xfffffffe, _t97, 0x43302c);
						goto L13;
					}
					goto L14;
				} else {
					_v32 = _t52;
					_v28 = _a12;
					 *((intOrPtr*)(_t76 - 4)) =  &_v32;
					if(_t94 == 0xfffffffe) {
						L14:
						return _v16;
					} else {
						do {
							_t80 = _v12;
							_t59 = _t94 + (_t94 + 2) * 2;
							_t78 =  *((intOrPtr*)(_t80 + _t59 * 4));
							_t60 = _t80 + _t59 * 4;
							_t81 =  *((intOrPtr*)(_t60 + 4));
							_v24 = _t60;
							if( *((intOrPtr*)(_t60 + 4)) == 0) {
								_t82 = _v5;
								goto L7;
							} else {
								_t61 = E0040A510(_t81, _t97);
								_t82 = 1;
								_v5 = 1;
								_t112 = _t61;
								if(_t112 < 0) {
									_v16 = 0;
									L13:
									_push(_t97);
									E00409320(_v12);
									goto L14;
								} else {
									if(_t112 > 0) {
										_t62 = _a4;
										__eflags =  *_t62 - 0xe06d7363;
										if( *_t62 == 0xe06d7363) {
											__eflags =  *0x425b4c;
											if( *0x425b4c != 0) {
												0x421b20(0x425b4c);
												_t105 = _t105 + 4;
												__eflags = _t62;
												if(_t62 != 0) {
													_t99 =  *0x425b4c; // 0x4076b6
													 *0x424158(_a4, 1);
													 *_t99();
													_t97 = _v20;
													_t105 = _t105 + 8;
												}
												_t62 = _a4;
											}
										}
										E0040A550(_t78, _a8, _t62, _t94, _t97);
										_t64 = _a8;
										__eflags =  *((intOrPtr*)(_t64 + 0xc)) - _t94;
										if( *((intOrPtr*)(_t64 + 0xc)) != _t94) {
											E0040A570(_t64, _t94, _t97, 0x43302c);
											_t64 = _a8;
										}
										_push(_t97);
										 *((intOrPtr*)(_t64 + 0xc)) = _t78;
										E00409320(_v12);
										_t91 = _t97;
										_t85 =  *((intOrPtr*)(_v24 + 8));
										E0040A530();
										asm("int3");
										__eflags = E0040A587( *((intOrPtr*)(_v24 + 8)), _t97);
										if(__eflags != 0) {
											_t67 = E00409623(_t85, _t91, __eflags);
											__eflags = _t67;
											if(_t67 != 0) {
												return 1;
											} else {
												E0040A5C3(_t94);
												goto L23;
											}
										} else {
											L23:
											__eflags = 0;
											return 0;
										}
									} else {
										goto L7;
									}
								}
							}
							goto L27;
							L7:
							_t94 = _t78;
						} while (_t78 != 0xfffffffe);
						if(_t82 != 0) {
							goto L13;
						}
						goto L14;
					}
				}
				L27:
			}





























                                                                                                                                                      0x00409367
                                                                                                                                                      0x0040936c
                                                                                                                                                      0x00409372
                                                                                                                                                      0x00409379
                                                                                                                                                      0x0040937e
                                                                                                                                                      0x00409380
                                                                                                                                                      0x00409386
                                                                                                                                                      0x00409386
                                                                                                                                                      0x0040938f
                                                                                                                                                      0x00409391
                                                                                                                                                      0x00409394
                                                                                                                                                      0x00409397
                                                                                                                                                      0x0040939f
                                                                                                                                                      0x004093a4
                                                                                                                                                      0x004093a7
                                                                                                                                                      0x004093aa
                                                                                                                                                      0x004093b1
                                                                                                                                                      0x0040940d
                                                                                                                                                      0x00409410
                                                                                                                                                      0x0040941f
                                                                                                                                                      0x00000000
                                                                                                                                                      0x0040941f
                                                                                                                                                      0x00000000
                                                                                                                                                      0x004093b3
                                                                                                                                                      0x004093b3
                                                                                                                                                      0x004093b9
                                                                                                                                                      0x004093bf
                                                                                                                                                      0x004093c5
                                                                                                                                                      0x00409430
                                                                                                                                                      0x00409439
                                                                                                                                                      0x004093c7
                                                                                                                                                      0x004093c7
                                                                                                                                                      0x004093c7
                                                                                                                                                      0x004093cd
                                                                                                                                                      0x004093d0
                                                                                                                                                      0x004093d3
                                                                                                                                                      0x004093d6
                                                                                                                                                      0x004093d9
                                                                                                                                                      0x004093de
                                                                                                                                                      0x004093f4
                                                                                                                                                      0x00000000
                                                                                                                                                      0x004093e0
                                                                                                                                                      0x004093e2
                                                                                                                                                      0x004093e7
                                                                                                                                                      0x004093e9
                                                                                                                                                      0x004093ec
                                                                                                                                                      0x004093ee
                                                                                                                                                      0x00409404
                                                                                                                                                      0x00409424
                                                                                                                                                      0x00409424
                                                                                                                                                      0x00409428
                                                                                                                                                      0x00000000
                                                                                                                                                      0x004093f0
                                                                                                                                                      0x004093f0
                                                                                                                                                      0x0040943a
                                                                                                                                                      0x0040943d
                                                                                                                                                      0x00409443
                                                                                                                                                      0x00409445
                                                                                                                                                      0x0040944c
                                                                                                                                                      0x00409453
                                                                                                                                                      0x00409458
                                                                                                                                                      0x0040945b
                                                                                                                                                      0x0040945d
                                                                                                                                                      0x0040945f
                                                                                                                                                      0x0040946c
                                                                                                                                                      0x00409472
                                                                                                                                                      0x00409474
                                                                                                                                                      0x00409477
                                                                                                                                                      0x00409477
                                                                                                                                                      0x0040947a
                                                                                                                                                      0x0040947a
                                                                                                                                                      0x0040944c
                                                                                                                                                      0x00409482
                                                                                                                                                      0x00409487
                                                                                                                                                      0x0040948a
                                                                                                                                                      0x0040948d
                                                                                                                                                      0x00409499
                                                                                                                                                      0x0040949e
                                                                                                                                                      0x0040949e
                                                                                                                                                      0x004094a1
                                                                                                                                                      0x004094a5
                                                                                                                                                      0x004094a8
                                                                                                                                                      0x004094b3
                                                                                                                                                      0x004094b5
                                                                                                                                                      0x004094b8
                                                                                                                                                      0x004094bd
                                                                                                                                                      0x004094c3
                                                                                                                                                      0x004094c5
                                                                                                                                                      0x004094ca
                                                                                                                                                      0x004094cf
                                                                                                                                                      0x004094d1
                                                                                                                                                      0x004094dc
                                                                                                                                                      0x004094d3
                                                                                                                                                      0x004094d3
                                                                                                                                                      0x00000000
                                                                                                                                                      0x004094d3
                                                                                                                                                      0x004094c7
                                                                                                                                                      0x004094c7
                                                                                                                                                      0x004094c7
                                                                                                                                                      0x004094c9
                                                                                                                                                      0x004094c9
                                                                                                                                                      0x004093f2
                                                                                                                                                      0x00000000
                                                                                                                                                      0x004093f2
                                                                                                                                                      0x004093f0
                                                                                                                                                      0x004093ee
                                                                                                                                                      0x00000000
                                                                                                                                                      0x004093f7
                                                                                                                                                      0x004093f7
                                                                                                                                                      0x004093f9
                                                                                                                                                      0x00409400
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00409402
                                                                                                                                                      0x00000000
                                                                                                                                                      0x00409400
                                                                                                                                                      0x004093c5
                                                                                                                                                      0x00000000

                                                                                                                                                      APIs
                                                                                                                                                      • _ValidateLocalCookies.LIBCMT ref: 00409397
                                                                                                                                                      • ___except_validate_context_record.LIBVCRUNTIME ref: 0040939F
                                                                                                                                                      • _ValidateLocalCookies.LIBCMT ref: 00409428
                                                                                                                                                      • __IsNonwritableInCurrentImage.LIBCMT ref: 00409453
                                                                                                                                                      • _ValidateLocalCookies.LIBCMT ref: 004094A8
                                                                                                                                                      • ___vcrt_initialize_locks.LIBVCRUNTIME ref: 004094BE
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000001.00000002.292287812.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000001.00000002.292264997.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                      • Associated: 00000001.00000002.292346351.0000000000423000.00000020.00020000.sdmp Download File
                                                                                                                                                      • Associated: 00000001.00000002.292356077.0000000000424000.00000040.00020000.sdmp Download File
                                                                                                                                                      • Associated: 00000001.00000002.292430105.0000000000435000.00000020.00020000.sdmp Download File
                                                                                                                                                      • Associated: 00000001.00000002.292546609.000000000045A000.00000004.00020000.sdmp Download File
                                                                                                                                                      • Associated: 00000001.00000002.292597020.0000000000460000.00000020.00020000.sdmp Download File
                                                                                                                                                      • Associated: 00000001.00000002.293317762.00000000006A2000.00000040.00020000.sdmp Download File
                                                                                                                                                      • Associated: 00000001.00000002.294189221.0000000000A08000.00000040.00020000.sdmp Download File
                                                                                                                                                      • Associated: 00000001.00000002.294327524.0000000000A9E000.00000040.00020000.sdmp Download File
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record___vcrt_initialize_locks
                                                                                                                                                      • String ID: csm$vX@
                                                                                                                                                      • API String ID: 1280994422-3593182403
                                                                                                                                                      • Opcode ID: deb5cb3a0eb5d74dd14dde7b5d42437edf2f942f53866acf2a0db46af9c24d11
                                                                                                                                                      • Instruction ID: 4df9e707e332f0cb9528ead39183cfbc52f32fab31c21ce6b063ded59d8455c8
                                                                                                                                                      • Opcode Fuzzy Hash: deb5cb3a0eb5d74dd14dde7b5d42437edf2f942f53866acf2a0db46af9c24d11
                                                                                                                                                      • Instruction Fuzzy Hash: 6141A334A00218ABCF14DF69C884A9EBBA1AF45318F54817AEC147B3D3D7399D16CB99
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Analysis Process: AppLaunch.exe PID: 6652 Parent PID: 7072 AppLaunch.exeCOMMON

                                                                                                                                                      Executed Functions

                                                                                                                                                      Function 0A93DDF0, Relevance: 6.6, Strings: 5, Instructions: 300COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: 8^;i$8^;i$Tel$\tdata$egram.exe
                                                                                                                                                      • API String ID: 0-1286122115
                                                                                                                                                      • Opcode ID: 62cee6642bf7b5674b0bea3143269fb6551c4c3115b87d12171678a40ca7e437
                                                                                                                                                      • Instruction ID: 3ab8942dc2454977b06fd6eb1ae2b7d7e9e9adf04a141ce16621467de0635b40
                                                                                                                                                      • Opcode Fuzzy Hash: 62cee6642bf7b5674b0bea3143269fb6551c4c3115b87d12171678a40ca7e437
                                                                                                                                                      • Instruction Fuzzy Hash: 25B1D131B002088FDB14DFB4C8506AEB7F6AFC9308B64C969D40AAF355DF75AD468B91
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0533EC28, Relevance: 1.6, Strings: 1, Instructions: 379COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: h
                                                                                                                                                      • API String ID: 0-3697682846
                                                                                                                                                      • Opcode ID: 46549a5ba2a96e30aea0820c3a4382010d33e5c2874ba3479666fd4bb7a7cbbe
                                                                                                                                                      • Instruction ID: 45676e357ef658764490fc68880bb7f8bbedfd1d4d986f9cd1fd3aa09f35d5f6
                                                                                                                                                      • Opcode Fuzzy Hash: 46549a5ba2a96e30aea0820c3a4382010d33e5c2874ba3479666fd4bb7a7cbbe
                                                                                                                                                      • Instruction Fuzzy Hash: 1ED1B374B002048FDB14EBB8D855AAE7BFAAFC9304B148469D906DB3A5DF75DC02CB91
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0AB9E128, Relevance: 1.6, APIs: 1, Instructions: 55encryptionCOMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      APIs
                                                                                                                                                      • CryptUnprotectData.CRYPT32(?,?,00000000,?,?,?,?), ref: 0AB9E90D
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.359254397.000000000AB90000.00000040.00000001.sdmp, Offset: 0AB90000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: CryptDataUnprotect
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 834300711-0
                                                                                                                                                      • Opcode ID: 399c9d654b9e26ad303906033fab4907145f2bdb9df12b33118d035b3e9a498f
                                                                                                                                                      • Instruction ID: 1f519493f3ea15205732fedd552a254ab1a4a0f044d438a6d0b6d2def156808c
                                                                                                                                                      • Opcode Fuzzy Hash: 399c9d654b9e26ad303906033fab4907145f2bdb9df12b33118d035b3e9a498f
                                                                                                                                                      • Instruction Fuzzy Hash: CE1126768002099FCF10CF99C945BDEBFF5EF48320F148469EA14A7610C379A954DFA1
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0AB9E8A0, Relevance: 1.6, APIs: 1, Instructions: 53encryptionCOMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      APIs
                                                                                                                                                      • CryptUnprotectData.CRYPT32(?,?,00000000,?,?,?,?), ref: 0AB9E90D
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.359254397.000000000AB90000.00000040.00000001.sdmp, Offset: 0AB90000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: CryptDataUnprotect
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 834300711-0
                                                                                                                                                      • Opcode ID: 57aad9ad40bbad468ca1ae49ad67ca33f8e32062fd576f345631021399676803
                                                                                                                                                      • Instruction ID: 03fd120a67f9c8c0634c9d3d81d4c42c8f18dd841da0b9e9c14ee3530f0623b0
                                                                                                                                                      • Opcode Fuzzy Hash: 57aad9ad40bbad468ca1ae49ad67ca33f8e32062fd576f345631021399676803
                                                                                                                                                      • Instruction Fuzzy Hash: C01142B68002099FCF10CF99C945BDEBFF5EB88320F14886AE654A7610C338A655DFA1
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A27E298, Relevance: .4, Instructions: 389COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356259306.000000000A270000.00000040.00000001.sdmp, Offset: 0A270000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 75aee3e9739c47b5b1b2dc336f06ffe660f34b1690839d4c7770b305eab6f0a3
                                                                                                                                                      • Instruction ID: 9d2ec7261feb6bf9e618cc074a373c25fe309498ff0e28095a12d5b3ab66c03e
                                                                                                                                                      • Opcode Fuzzy Hash: 75aee3e9739c47b5b1b2dc336f06ffe660f34b1690839d4c7770b305eab6f0a3
                                                                                                                                                      • Instruction Fuzzy Hash: 4DF17C30A107059FDB25CF69C484AAEBBF2BF88300F1689A9E446DB761D734E941CF50
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A930DE8, Relevance: 10.5, Strings: 8, Instructions: 458COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: @tX$@tX$nu$nu$nu$nu$nu$nu
                                                                                                                                                      • API String ID: 0-1541645327
                                                                                                                                                      • Opcode ID: 90e90cfe77720f5c1b2ff306400ac6364a89175bf6278dd029ced8bef44348dc
                                                                                                                                                      • Instruction ID: de10dc6b0cffaa25e615d3320fa3c43789a122792c7434c92256bdfa888d3516
                                                                                                                                                      • Opcode Fuzzy Hash: 90e90cfe77720f5c1b2ff306400ac6364a89175bf6278dd029ced8bef44348dc
                                                                                                                                                      • Instruction Fuzzy Hash: E2126931B002449FCB54EFA9C494AAEB7FABF88304F158968D816DB761DB34EC45CB91
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A93F728, Relevance: 7.8, Strings: 6, Instructions: 273COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: , CommandLine: $, Name: AppData\Roaming\TReplaceokReplaceenReplaces.tReplacext$CommandLine$ID: isSecureegram.exe$Nametdata$ProcessId
                                                                                                                                                      • API String ID: 0-3040482440
                                                                                                                                                      • Opcode ID: 6d17ae23ac02a917a7e683f5797befc838be763ef133e8f0c1ae58216bc0803d
                                                                                                                                                      • Instruction ID: 60489ed329c65271c00c712a1bde8795fe5e2bca4d76f8950085cc9ff245e480
                                                                                                                                                      • Opcode Fuzzy Hash: 6d17ae23ac02a917a7e683f5797befc838be763ef133e8f0c1ae58216bc0803d
                                                                                                                                                      • Instruction Fuzzy Hash: 5CA1BF31B102049BDB14EBB5C86466E77B6AFC9304BA0993DD40AEF394EF359C46CB81
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A93C900, Relevance: 5.5, Strings: 4, Instructions: 467COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: %DSK_23%Opera GXcookies$8^;i$8^;i$@B/
                                                                                                                                                      • API String ID: 0-160212416
                                                                                                                                                      • Opcode ID: 3ac944a609bd2145aa2481ea1d4fa7a52d16467982f7aca5bebd7443f01b12db
                                                                                                                                                      • Instruction ID: 67d7e9df0d705556a1d8f5448b53601ecdf4bc3e416b6debdb13f15530dc99a7
                                                                                                                                                      • Opcode Fuzzy Hash: 3ac944a609bd2145aa2481ea1d4fa7a52d16467982f7aca5bebd7443f01b12db
                                                                                                                                                      • Instruction Fuzzy Hash: CD029035B01618CFCB24DFA4D9586ADBBF6BF85308F248569D416AB394CF349C4ACB81
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A93DA00, Relevance: 5.2, Strings: 4, Instructions: 211COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Strings
                                                                                                                                                      • DisplayName, xrefs: 0A93DAEF
                                                                                                                                                      • SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, xrefs: 0A93DA6B
                                                                                                                                                      • DisplayVersion, xrefs: 0A93DB5A
                                                                                                                                                      • [^\u0020-\u007F]UNKNOWN, xrefs: 0A93DC27
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: DisplayName$DisplayVersion$SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall$[^\u0020-\u007F]UNKNOWN
                                                                                                                                                      • API String ID: 0-3153656278
                                                                                                                                                      • Opcode ID: f1babe9b63022c39565ed7990352ace267d3703e213b7f722daa76ffaccb8f14
                                                                                                                                                      • Instruction ID: 8a7a9d7684894c75b8354d534e0856b0cf8785032e8f52b8536e4ef83bfa35d9
                                                                                                                                                      • Opcode Fuzzy Hash: f1babe9b63022c39565ed7990352ace267d3703e213b7f722daa76ffaccb8f14
                                                                                                                                                      • Instruction Fuzzy Hash: F781E232B107099FDB15DFB4C8642AAB7B6AF89304F61C929D415AB380DF74AD85CB80
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A930040, Relevance: 4.0, Strings: 3, Instructions: 286COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: nu$nu$nu
                                                                                                                                                      • API String ID: 0-2046667804
                                                                                                                                                      • Opcode ID: 2e5a81b7a764aa13e5d72d8e9e32e176d10d5095fc45a10cc52fc26d31f1708c
                                                                                                                                                      • Instruction ID: 77395383943b1bf3ed3293db10acd5d0da42b03402128656a9d4355d130d1277
                                                                                                                                                      • Opcode Fuzzy Hash: 2e5a81b7a764aa13e5d72d8e9e32e176d10d5095fc45a10cc52fc26d31f1708c
                                                                                                                                                      • Instruction Fuzzy Hash: 0AC15A75A002098FC744DFA9C594AAEBBF6FF88204F198499E449EB362CB30ED41CF51
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 053304C8, Relevance: 2.9, Strings: 2, Instructions: 377COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: x6i${(i^
                                                                                                                                                      • API String ID: 0-2874123098
                                                                                                                                                      • Opcode ID: fbcaed34873249959733a8a9334d19e2e5ea70476212cf8fb695a2780a354c25
                                                                                                                                                      • Instruction ID: f9e349d42c41a9709a4e2c49ce09736ee1a088cab2cfb9ac7d014d36153d8989
                                                                                                                                                      • Opcode Fuzzy Hash: fbcaed34873249959733a8a9334d19e2e5ea70476212cf8fb695a2780a354c25
                                                                                                                                                      • Instruction Fuzzy Hash: 80E18B36600218EFDF16DFA0C904EA97BB2FF88314F0591A8E60A9B271DB35D955DF80
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 053304A1, Relevance: 2.9, Strings: 2, Instructions: 356COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: x6i${(i^
                                                                                                                                                      • API String ID: 0-2874123098
                                                                                                                                                      • Opcode ID: 5d420a6f0a78dacbacaed048006f611c55723aa2581dae3f2c5922c9f04bbcfa
                                                                                                                                                      • Instruction ID: 3ab49f0534b744d15101b8af70344ebceed68b4590588cd226dbf44ef96a75fe
                                                                                                                                                      • Opcode Fuzzy Hash: 5d420a6f0a78dacbacaed048006f611c55723aa2581dae3f2c5922c9f04bbcfa
                                                                                                                                                      • Instruction Fuzzy Hash: D9D17E36600218EFDF169FA0C904EA97BB2FF88310F0595A8E6099B272DB75DD55DF40
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0533E398, Relevance: 2.8, Strings: 2, Instructions: 346COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: ,~m$ h
                                                                                                                                                      • API String ID: 0-1646199289
                                                                                                                                                      • Opcode ID: 510ac24f25f1308c91328cd26d89719902808d075a62bda2714f187006a87937
                                                                                                                                                      • Instruction ID: db7b2a3d1caf53933086de0f21eee8cddf0f041c4c122e50f0c874369c7e2a05
                                                                                                                                                      • Opcode Fuzzy Hash: 510ac24f25f1308c91328cd26d89719902808d075a62bda2714f187006a87937
                                                                                                                                                      • Instruction Fuzzy Hash: FFE14D34B00209DFCB14DFA5E594A9EBBB6FF88315F148968E9069B360DB70EC41CB91
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A93F1F0, Relevance: 2.7, Strings: 2, Instructions: 188COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Strings
                                                                                                                                                      • [AString-ZaString-z\d]{2String4}\.[String\w-]{String6}\.[\wString-]{2String7}, xrefs: 0A93F2F7
                                                                                                                                                      • t%-, xrefs: 0A93F2BC
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: [AString-ZaString-z\d]{2String4}\.[String\w-]{String6}\.[\wString-]{2String7}$t%-
                                                                                                                                                      • API String ID: 0-2924475630
                                                                                                                                                      • Opcode ID: 23a0984405ec83344357bc87bf2d327064497746deb44c4442cdf87b5c5863d6
                                                                                                                                                      • Instruction ID: dbe85096e11f6d134d5b835ab53f5e8d9551835ce2baadf3136e9058205c0f35
                                                                                                                                                      • Opcode Fuzzy Hash: 23a0984405ec83344357bc87bf2d327064497746deb44c4442cdf87b5c5863d6
                                                                                                                                                      • Instruction Fuzzy Hash: CD61A076F002099FDB24DF64D8546AEB7B6AF89344F148569D516EF390DF309C02CB91
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A93F1E0, Relevance: 2.7, Strings: 2, Instructions: 172COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Strings
                                                                                                                                                      • [AString-ZaString-z\d]{2String4}\.[String\w-]{String6}\.[\wString-]{2String7}, xrefs: 0A93F2F7
                                                                                                                                                      • t%-, xrefs: 0A93F2BC
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: [AString-ZaString-z\d]{2String4}\.[String\w-]{String6}\.[\wString-]{2String7}$t%-
                                                                                                                                                      • API String ID: 0-2924475630
                                                                                                                                                      • Opcode ID: c85dfeff223bf73fb65bf1b7549b7646ae5950fc28e534bcb644d0577a007cd7
                                                                                                                                                      • Instruction ID: ee9777c6a6ca70ab2769df59f20490335e76c100a69b5d04ea6715108e530761
                                                                                                                                                      • Opcode Fuzzy Hash: c85dfeff223bf73fb65bf1b7549b7646ae5950fc28e534bcb644d0577a007cd7
                                                                                                                                                      • Instruction Fuzzy Hash: 4E51C076F002099FDB28DF74D8546AEB7B6AF85344B14C569E512AF351EF309C42CB90
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A27FC70, Relevance: 2.7, Strings: 2, Instructions: 171COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356259306.000000000A270000.00000040.00000001.sdmp, Offset: 0A270000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: Login Data$logins
                                                                                                                                                      • API String ID: 0-3289611636
                                                                                                                                                      • Opcode ID: f4975d7a617108e58f427d47afcdeacf209fe19c65b40cfd62f3ea9838fba200
                                                                                                                                                      • Instruction ID: 1d60dda8c3934478d2e48954b4b1acd5497d65aab151f2595fde1e04c6a0d819
                                                                                                                                                      • Opcode Fuzzy Hash: f4975d7a617108e58f427d47afcdeacf209fe19c65b40cfd62f3ea9838fba200
                                                                                                                                                      • Instruction Fuzzy Hash: EB51BE35B102089FCB44DFA8D990A9DBBF2EF89314F508579D50AAB351DF70AE41CB90
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A93EE20, Relevance: 2.6, Strings: 2, Instructions: 145COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: MB or $TotalVisibleMemorySize
                                                                                                                                                      • API String ID: 0-561195635
                                                                                                                                                      • Opcode ID: 16ae5b4fc66027589e14712d817d71d37db4fd7a959578a5a8e9b636b4fadc69
                                                                                                                                                      • Instruction ID: 478188bd669657d4634ab8fed49e75c1910d4834d35d66fd6c1842821c122762
                                                                                                                                                      • Opcode Fuzzy Hash: 16ae5b4fc66027589e14712d817d71d37db4fd7a959578a5a8e9b636b4fadc69
                                                                                                                                                      • Instruction Fuzzy Hash: C3518F71E11619DBCB14EFB4D85066EB7B6FF88300F109629D846AB384EF35AC81CB91
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A933B08, Relevance: 2.6, Strings: 2, Instructions: 89COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: $bX$$bX
                                                                                                                                                      • API String ID: 0-3339933636
                                                                                                                                                      • Opcode ID: c71c3adc82a6f8c8414539c66abca34757e1eecdc7910289707afad7613c2032
                                                                                                                                                      • Instruction ID: 991010fe55b69a8856818be868706feeb5fb7c7f235f60383a7ae910a4afa9fe
                                                                                                                                                      • Opcode Fuzzy Hash: c71c3adc82a6f8c8414539c66abca34757e1eecdc7910289707afad7613c2032
                                                                                                                                                      • Instruction Fuzzy Hash: 3431E535F052548FC705EBB8E4641AE7BF5EFC6611B0144AAD106DB3A1DF349C068BD2
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A9305EA, Relevance: 2.6, Strings: 2, Instructions: 76COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: >XU$@
                                                                                                                                                      • API String ID: 0-395985043
                                                                                                                                                      • Opcode ID: d9f4602af09bf0d64be68930751121f41e30e55d59625b398237acede1e67258
                                                                                                                                                      • Instruction ID: 0b893ecbe0ff0cb795404fc3dd5bfae181d1828c15db917df9d00b96d11c4fa9
                                                                                                                                                      • Opcode Fuzzy Hash: d9f4602af09bf0d64be68930751121f41e30e55d59625b398237acede1e67258
                                                                                                                                                      • Instruction Fuzzy Hash: 1B21BF36A00259AFCB11CFA5C8849FFBBB9EF89314B048466E515DB215D3309A45DB90
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A93E690, Relevance: 2.6, Strings: 2, Instructions: 67COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: d-$d-
                                                                                                                                                      • API String ID: 0-617431243
                                                                                                                                                      • Opcode ID: 059c8ab50d1556b8f3075076b72f5578de056868a6e6fe510adc07bf93dcbfe7
                                                                                                                                                      • Instruction ID: 35d811593df0060bfb6d93e7efa1787733765004ae5fe1005c34fdcf81c3b9f9
                                                                                                                                                      • Opcode Fuzzy Hash: 059c8ab50d1556b8f3075076b72f5578de056868a6e6fe510adc07bf93dcbfe7
                                                                                                                                                      • Instruction Fuzzy Hash: E9219671E1134E9BDB18DFA4D8505DEB7B5FF85300F10891AD812AF340DB7069468F90
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A93E6A0, Relevance: 2.6, Strings: 2, Instructions: 59COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: d-$d-
                                                                                                                                                      • API String ID: 0-617431243
                                                                                                                                                      • Opcode ID: 60bb517a0977ba304d0e25ec2c06e31a45003d3e059c35cb00b2b1af74200c62
                                                                                                                                                      • Instruction ID: d7b178db5cb7d2182df5f86e478bfbc69312dd4767b0040dda625f66451b06aa
                                                                                                                                                      • Opcode Fuzzy Hash: 60bb517a0977ba304d0e25ec2c06e31a45003d3e059c35cb00b2b1af74200c62
                                                                                                                                                      • Instruction Fuzzy Hash: C2116675E1034D9BDB18DFE5D84059EB7B5EF85304F10851AE816BB344EB7069458B90
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A93E753, Relevance: 2.5, Strings: 2, Instructions: 39COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: d-$d-
                                                                                                                                                      • API String ID: 0-617431243
                                                                                                                                                      • Opcode ID: c9a5a9069d03e9c0c0a66738fa9e1dd6508f79e244c6f6e26f4cdfaf23861918
                                                                                                                                                      • Instruction ID: 0d8234148f9ad2b676dd2657024943db6f64becca400b7d802e810b486e2fb68
                                                                                                                                                      • Opcode Fuzzy Hash: c9a5a9069d03e9c0c0a66738fa9e1dd6508f79e244c6f6e26f4cdfaf23861918
                                                                                                                                                      • Instruction Fuzzy Hash: CF011A75E2135E8BDB18DFA0D44069EB7B6BF95304F20891AE802AB244DBB0A446CB40
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A93D2E8, Relevance: 2.5, Strings: 2, Instructions: 28COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: 8^;i$\Program Data\
                                                                                                                                                      • API String ID: 0-1903576414
                                                                                                                                                      • Opcode ID: 5da379df457a90ed5006f244c0ee2840e72fede05f2c5555513d4a483f893dee
                                                                                                                                                      • Instruction ID: 041b469c88ac7872840a75d24ab12a03f139870fe49d11b8f5685d31bb8968b0
                                                                                                                                                      • Opcode Fuzzy Hash: 5da379df457a90ed5006f244c0ee2840e72fede05f2c5555513d4a483f893dee
                                                                                                                                                      • Instruction Fuzzy Hash: B8E092313001195BC7049BBAE894C9AB7DEEFC86283149A79E10ECB725CF709C0487D4
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 053384E8, Relevance: 2.0, Instructions: 1973COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 74e95b8a512f825f6c08c1ce33c885915cc6443d79dc049f0d16a2e013f1c8cf
                                                                                                                                                      • Instruction ID: cd6b7fe010a6272406ff2cec1cab451d4619fa595f55dea4734a56ab2f5e62aa
                                                                                                                                                      • Opcode Fuzzy Hash: 74e95b8a512f825f6c08c1ce33c885915cc6443d79dc049f0d16a2e013f1c8cf
                                                                                                                                                      • Instruction Fuzzy Hash: 9213FD34901284EFCF6A9B60D451AADB332FF8930AB1584BADD1136B64CB3BD942DF11
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 053384D8, Relevance: 2.0, Instructions: 1972COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 0051c7755648b19bbd4dbf1a510ac320ea2d562f171958b3cee1400d9d3de2be
                                                                                                                                                      • Instruction ID: c472c8f0d3e0914fb0c24209c7caed0119573173ca94fa981c9252d743cd8197
                                                                                                                                                      • Opcode Fuzzy Hash: 0051c7755648b19bbd4dbf1a510ac320ea2d562f171958b3cee1400d9d3de2be
                                                                                                                                                      • Instruction Fuzzy Hash: D313FD34905284EFCF6A9B60D451AADB732FF8930AB1584BADD1136B64CB3BD842DF11
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0AB970A4, Relevance: 1.6, APIs: 1, Instructions: 52libraryCOMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      APIs
                                                                                                                                                      • LoadLibraryW.KERNELBASE(00000000,?,?,?,?,00000000,00000E28,?,?,0AB9747E), ref: 0AB9762E
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.359254397.000000000AB90000.00000040.00000001.sdmp, Offset: 0AB90000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: LibraryLoad
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1029625771-0
                                                                                                                                                      • Opcode ID: a5cd32d2136a9b10b9981f9493e4133edff0af99434117f00c11d9bc93ad2b08
                                                                                                                                                      • Instruction ID: 22056921dc8a78d1c48d514fd99285f023e9e72f51086ead9e5a491e13951623
                                                                                                                                                      • Opcode Fuzzy Hash: a5cd32d2136a9b10b9981f9493e4133edff0af99434117f00c11d9bc93ad2b08
                                                                                                                                                      • Instruction Fuzzy Hash: 7911F3B6C106498FCF10CF9AC444BDEFBF8EF88224F14886AD519A7610D778A945CFA5
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0AB975C0, Relevance: 1.6, APIs: 1, Instructions: 51libraryCOMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      APIs
                                                                                                                                                      • LoadLibraryW.KERNELBASE(00000000,?,?,?,?,00000000,00000E28,?,?,0AB9747E), ref: 0AB9762E
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.359254397.000000000AB90000.00000040.00000001.sdmp, Offset: 0AB90000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: LibraryLoad
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1029625771-0
                                                                                                                                                      • Opcode ID: 6ccccde77cc596a273f7d1fafe6399889e1e531584e96044c591b5f2c12c6d67
                                                                                                                                                      • Instruction ID: c5ee7590ec608605593459f73a4bdfca83455e82f34e4d5555fd654ea86bda0a
                                                                                                                                                      • Opcode Fuzzy Hash: 6ccccde77cc596a273f7d1fafe6399889e1e531584e96044c591b5f2c12c6d67
                                                                                                                                                      • Instruction Fuzzy Hash: E611F3B6C102498FCF10CFAAC444BDEFBF5AF88314F24886AD459A7610C775A545CFA1
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A93ADE8, Relevance: 1.5, Strings: 1, Instructions: 231COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: $bX
                                                                                                                                                      • API String ID: 0-1324980163
                                                                                                                                                      • Opcode ID: d759e0751c20e65acdad1a6c8d66660fe194166802aeca55199eb8406f0dbdde
                                                                                                                                                      • Instruction ID: 49a7c0d536cce86a00f21b12dff6c4aa154683e0d58f776ce61bc8006e4b7637
                                                                                                                                                      • Opcode Fuzzy Hash: d759e0751c20e65acdad1a6c8d66660fe194166802aeca55199eb8406f0dbdde
                                                                                                                                                      • Instruction Fuzzy Hash: 558197622881E76ECB9F5E7058A80AFFFF99D9354C35C14F8D1D1CF89BC712984A8680
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0533D440, Relevance: 1.4, Strings: 1, Instructions: 191COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: h
                                                                                                                                                      • API String ID: 0-3697682846
                                                                                                                                                      • Opcode ID: 5545e800f9d8ef50ad92c34b2e14946df97acf813325f8a3a19aa5e5d9af9a86
                                                                                                                                                      • Instruction ID: 128990007c1b8f06fdbc520300b1b8e01795c6cb75050604cdc24b709694dc02
                                                                                                                                                      • Opcode Fuzzy Hash: 5545e800f9d8ef50ad92c34b2e14946df97acf813325f8a3a19aa5e5d9af9a86
                                                                                                                                                      • Instruction Fuzzy Hash: 7A717D75E002098FEB14DFA9C4556AEBBF6AFC9344F208529E806EF350DB709C46CB91
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0533E388, Relevance: 1.4, Strings: 1, Instructions: 187COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: h
                                                                                                                                                      • API String ID: 0-3697682846
                                                                                                                                                      • Opcode ID: 141021196cf38f1f2c162b0b4c8703485afd514a59f3c74121f3b2576adf0fa2
                                                                                                                                                      • Instruction ID: cc71fff24a4086775fbff173b9c9640a65e9f380e6d841fca79e8d24e55efbf3
                                                                                                                                                      • Opcode Fuzzy Hash: 141021196cf38f1f2c162b0b4c8703485afd514a59f3c74121f3b2576adf0fa2
                                                                                                                                                      • Instruction Fuzzy Hash: 1B810834B00209DFCB14DFA4E59899DBBB6FF88315B148568E906AB360DB34EC41CF90
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A938CF0, Relevance: 1.4, Strings: 1, Instructions: 185COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: c`
                                                                                                                                                      • API String ID: 0-3881029024
                                                                                                                                                      • Opcode ID: 59fb684c9244b97d0f4a4cfd7040235940f923e3e19b44d1611b7569226f03f0
                                                                                                                                                      • Instruction ID: 966290a932974c5da8dc8aaf461e4ebeefd6acbe96d1b2a392828adeaf5e0af0
                                                                                                                                                      • Opcode Fuzzy Hash: 59fb684c9244b97d0f4a4cfd7040235940f923e3e19b44d1611b7569226f03f0
                                                                                                                                                      • Instruction Fuzzy Hash: F6618135B002099FDB54DF68D494AADBBF6EF88318F1484A9E506DB361DB35EC41CB90
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A93E7CE, Relevance: 1.4, Strings: 1, Instructions: 159COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Strings
                                                                                                                                                      • Total of RAM%USERPEnvironmentROFILE%\AppDEnvironmentata\RoaEnvironmentming, xrefs: 0A93E7EC
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: Total of RAM%USERPEnvironmentROFILE%\AppDEnvironmentata\RoaEnvironmentming
                                                                                                                                                      • API String ID: 0-3700047878
                                                                                                                                                      • Opcode ID: 8c3d47a49b05377ff3c6187fd548bf25c318eb8e37fb3b0ccfda241107356f19
                                                                                                                                                      • Instruction ID: 10ab1036e01a36c8839c428d49b80842a879f813e6fa1655b491f0e6913e43e6
                                                                                                                                                      • Opcode Fuzzy Hash: 8c3d47a49b05377ff3c6187fd548bf25c318eb8e37fb3b0ccfda241107356f19
                                                                                                                                                      • Instruction Fuzzy Hash: DB519C31B102048FDB54EFB4D8606AEB7F6EF89315B24C96AC406AB394DF359C46CB91
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A9305F8, Relevance: 1.4, Strings: 1, Instructions: 149COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: @
                                                                                                                                                      • API String ID: 0-2766056989
                                                                                                                                                      • Opcode ID: 31bb7a9b571ce9ce61c5d586bd7a64e787e803edf620b4edb5b0d526692c4534
                                                                                                                                                      • Instruction ID: 7d1e107af2c1f6760c17a31974e0bad49fea5dde0ea48f45573730c4b6d0af5f
                                                                                                                                                      • Opcode Fuzzy Hash: 31bb7a9b571ce9ce61c5d586bd7a64e787e803edf620b4edb5b0d526692c4534
                                                                                                                                                      • Instruction Fuzzy Hash: 28516B76A002199FCB15CFA9C885AAEBBF5BF88300F148469E916AB255D730DD54CF90
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A93E368, Relevance: 1.4, Strings: 1, Instructions: 137COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: Nametdata
                                                                                                                                                      • API String ID: 0-3735401890
                                                                                                                                                      • Opcode ID: 520e527a68bfd6cf8f9c9f40e571218a00229a0583e52c6b431f25477691aba4
                                                                                                                                                      • Instruction ID: 748e497e025d73c6d2a4e6f255db7e185e5f31e45dd265a0607de4076d0beb80
                                                                                                                                                      • Opcode Fuzzy Hash: 520e527a68bfd6cf8f9c9f40e571218a00229a0583e52c6b431f25477691aba4
                                                                                                                                                      • Instruction Fuzzy Hash: 5441BE31B11204AFCB58EB78E95466D77F6AF89314B24947DD406EB390EF359C02CB81
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 05332A79, Relevance: 1.4, Strings: 1, Instructions: 135COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: 8c~m
                                                                                                                                                      • API String ID: 0-3707057078
                                                                                                                                                      • Opcode ID: ebe795f6ff7f67bd165eb8e330a4ad62351841765eedaf06ab2b873d77dcab98
                                                                                                                                                      • Instruction ID: 7e600f0c269a44a68bc5ceaf24b21ac6be788ddf2dd6c1a35c67bf96f72f808b
                                                                                                                                                      • Opcode Fuzzy Hash: ebe795f6ff7f67bd165eb8e330a4ad62351841765eedaf06ab2b873d77dcab98
                                                                                                                                                      • Instruction Fuzzy Hash: 0141E3317205088FC704FBB9E59916DBBBAFFC9311F54461DE452AB294EF30A849CB92
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A933080, Relevance: 1.4, Strings: 1, Instructions: 134COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: h
                                                                                                                                                      • API String ID: 0-3697682846
                                                                                                                                                      • Opcode ID: 7e9931672bec8f92fb31bbd290e043b9dfdb295c922ac3c6666e6fc51d545d66
                                                                                                                                                      • Instruction ID: 57e9ee6165b3065fa43108b03417a8b430484a73f500f412b5c85a9ef1f131b4
                                                                                                                                                      • Opcode Fuzzy Hash: 7e9931672bec8f92fb31bbd290e043b9dfdb295c922ac3c6666e6fc51d545d66
                                                                                                                                                      • Instruction Fuzzy Hash: CD51A0B5A003099FC704DFA9C49489EBBF6FF89314B1589A9D4499F322DB30ED46CB90
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 05332A88, Relevance: 1.4, Strings: 1, Instructions: 130COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: 8c~m
                                                                                                                                                      • API String ID: 0-3707057078
                                                                                                                                                      • Opcode ID: f1dbe0ad55475e9bd10cb43a79569986b6b24d78c04ed81785432a728923d602
                                                                                                                                                      • Instruction ID: eaba20785607c861e8c7ed7ac86ed1d265d7002fa30f2e807ad9b7eb00e1e401
                                                                                                                                                      • Opcode Fuzzy Hash: f1dbe0ad55475e9bd10cb43a79569986b6b24d78c04ed81785432a728923d602
                                                                                                                                                      • Instruction Fuzzy Hash: 5041D2317205088FC704FBB9E59906DBBBAFFC9315F55461CE452AB294EF30A849CB92
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A933090, Relevance: 1.4, Strings: 1, Instructions: 130COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: h
                                                                                                                                                      • API String ID: 0-3697682846
                                                                                                                                                      • Opcode ID: 9f8a5528a70165243b469c2564b5e026e224eab6a0a7404781166d33254ac18d
                                                                                                                                                      • Instruction ID: 2841ad514c459eee67a8af9aae700228841179635d913d976fc8be41d3c117c2
                                                                                                                                                      • Opcode Fuzzy Hash: 9f8a5528a70165243b469c2564b5e026e224eab6a0a7404781166d33254ac18d
                                                                                                                                                      • Instruction Fuzzy Hash: 885190B5A003099FC704DFA9C49489EBBF6FF89314B1589A9D4499B322DB31ED45CB90
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A93B038, Relevance: 1.4, Strings: 1, Instructions: 115COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: $bX
                                                                                                                                                      • API String ID: 0-1324980163
                                                                                                                                                      • Opcode ID: 3cf662a1a203fb75131e9fe1ddd85c77fe04c2bfb7ce655ec9756844b9614eb7
                                                                                                                                                      • Instruction ID: baa46b4a746979d56123ecbbf2186fc2ca660f9c9d6bc4551b20d915ed0ad895
                                                                                                                                                      • Opcode Fuzzy Hash: 3cf662a1a203fb75131e9fe1ddd85c77fe04c2bfb7ce655ec9756844b9614eb7
                                                                                                                                                      • Instruction Fuzzy Hash: 3841AE36B002098FDB18EFB5D89557E7BF6FFC8240B008569D90AE7765EB349C058B91
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A93DC9D, Relevance: 1.4, Strings: 1, Instructions: 108COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Strings
                                                                                                                                                      • [^\u0020-\u007F]UNKNOWN, xrefs: 0A93DC27
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: [^\u0020-\u007F]UNKNOWN
                                                                                                                                                      • API String ID: 0-2598043026
                                                                                                                                                      • Opcode ID: df8cc60fcc6fedfd0a17a62b0fef92c0deae13c899dacbf349d3e67f1f1b23de
                                                                                                                                                      • Instruction ID: 959da5b12cffdf4bac915869037f08c22a5888370a13ae41722b3ad1ddc7b5c5
                                                                                                                                                      • Opcode Fuzzy Hash: df8cc60fcc6fedfd0a17a62b0fef92c0deae13c899dacbf349d3e67f1f1b23de
                                                                                                                                                      • Instruction Fuzzy Hash: D8418136B11309DFEB21DF64C5A47ADB7B6BF84304F21CD2AD412A7240DBB49985CB90
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A93D615, Relevance: 1.3, Strings: 1, Instructions: 89COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: \yQ
                                                                                                                                                      • API String ID: 0-566487144
                                                                                                                                                      • Opcode ID: f84b0808311dc28ee0c78e21e673e721b17f3c9e4ba2cc26725649591d1afb27
                                                                                                                                                      • Instruction ID: 59599d11a3a24428ac61e84ccbad0fb3ec3dddeeb25450287b9cd75858836b90
                                                                                                                                                      • Opcode Fuzzy Hash: f84b0808311dc28ee0c78e21e673e721b17f3c9e4ba2cc26725649591d1afb27
                                                                                                                                                      • Instruction Fuzzy Hash: F221F6312042545FCB00EB7D98F0ADA3BE9BF9A218F084CEBD1468F262CF359C468785
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A93D674, Relevance: 1.3, Strings: 1, Instructions: 55COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: \yQ
                                                                                                                                                      • API String ID: 0-566487144
                                                                                                                                                      • Opcode ID: 14e36901be6a0e9256277f0bab0e834fbac8016cdf174e359887477900c6ba18
                                                                                                                                                      • Instruction ID: d5f7a842592fef5db224b994c69905cef69e8ce877476f8e203ea3db2473f8a8
                                                                                                                                                      • Opcode Fuzzy Hash: 14e36901be6a0e9256277f0bab0e834fbac8016cdf174e359887477900c6ba18
                                                                                                                                                      • Instruction Fuzzy Hash: 3C01C0323002105FD704EB6AD894A6E37EAEFC9215F04896AF606DB360CF71EC02C790
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A930DD8, Relevance: 1.3, Strings: 1, Instructions: 50COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: ?XU
                                                                                                                                                      • API String ID: 0-559961809
                                                                                                                                                      • Opcode ID: 12f3d103afedd4516ffb37228b9488d7d87570dfb2b07389c1b1adf515bfb417
                                                                                                                                                      • Instruction ID: 5d933df8cfddcb1a992e1bbaeebff9d222975973a740f78503f56bd101d17cf1
                                                                                                                                                      • Opcode Fuzzy Hash: 12f3d103afedd4516ffb37228b9488d7d87570dfb2b07389c1b1adf515bfb417
                                                                                                                                                      • Instruction Fuzzy Hash: 9D1104327143949FCB11CF28D8546ABBBB5FF4A310F0584A5E85497381C770D805CBA1
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 05333060, Relevance: 1.3, Strings: 1, Instructions: 36COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: (i^
                                                                                                                                                      • API String ID: 0-4059259479
                                                                                                                                                      • Opcode ID: 15ea6920254f1ed56578071389b58d401cc2300d1d0e6b558d8edfe77043a17e
                                                                                                                                                      • Instruction ID: 131338f3ca61d8f289fdb638424762e0acb9eaacbb7127f6e268cf5110315cce
                                                                                                                                                      • Opcode Fuzzy Hash: 15ea6920254f1ed56578071389b58d401cc2300d1d0e6b558d8edfe77043a17e
                                                                                                                                                      • Instruction Fuzzy Hash: 80F02BB62093841FCF072BA478E42D93FA6EF8A355F48009FE185CF143DE2618028355
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A93C230, Relevance: 1.3, Strings: 1, Instructions: 28COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: 8#p
                                                                                                                                                      • API String ID: 0-2218421853
                                                                                                                                                      • Opcode ID: 8cf92c9b67ede436c7e65acddd602904d51010630e5a1f88742019ef10ed9a0f
                                                                                                                                                      • Instruction ID: 45d12fcd359ef91011527351e3d2ec45ab7492817cfed270168745fc43e4ce41
                                                                                                                                                      • Opcode Fuzzy Hash: 8cf92c9b67ede436c7e65acddd602904d51010630e5a1f88742019ef10ed9a0f
                                                                                                                                                      • Instruction Fuzzy Hash: BEF08271E01218DFCF54EFBDC4405AE7FF0EF09210B1084AAE458EB211EB319A40CB80
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A93A03B, Relevance: 1.3, Strings: 1, Instructions: 10COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: J
                                                                                                                                                      • API String ID: 0-1141589763
                                                                                                                                                      • Opcode ID: fb43053cdc53c1c1813f2c8eb0c4e44071d9b18b15ed97b064a27454eaffb65e
                                                                                                                                                      • Instruction ID: 23f29066d1fa234f62ac0225e0eaf1e379129b156ddb3b60acf0b1c57a3a4cd3
                                                                                                                                                      • Opcode Fuzzy Hash: fb43053cdc53c1c1813f2c8eb0c4e44071d9b18b15ed97b064a27454eaffb65e
                                                                                                                                                      • Instruction Fuzzy Hash: CFC080E674015C55CF45931090106997B955F87510B040588C5089E642C71544024747
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A932258, Relevance: .7, Instructions: 687COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: ba3f705d025f7ed562e9578858d64e3b7a4cae3c72e86f9dddea82d75123131e
                                                                                                                                                      • Instruction ID: 007030fa2cb8b184483bc33dddbbcef5faf4929cc7373657c92c168169019387
                                                                                                                                                      • Opcode Fuzzy Hash: ba3f705d025f7ed562e9578858d64e3b7a4cae3c72e86f9dddea82d75123131e
                                                                                                                                                      • Instruction Fuzzy Hash: 08526B35A002099FCB14DFA8D484AAEBBF6FF98310F158999E505AB361CB30ED45CF90
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A27F5B0, Relevance: .5, Instructions: 469COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356259306.000000000A270000.00000040.00000001.sdmp, Offset: 0A270000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 90531ed4180577db52af6ca44bb26d7365e4318ffb78789af1ee5d8209a4d5fb
                                                                                                                                                      • Instruction ID: b2a6551c9da8119a46de15aa66656a7f2d0a195914917d3d67b115c9b729e6b6
                                                                                                                                                      • Opcode Fuzzy Hash: 90531ed4180577db52af6ca44bb26d7365e4318ffb78789af1ee5d8209a4d5fb
                                                                                                                                                      • Instruction Fuzzy Hash: 20226530A10706DFC725DF65D5849AABBF6FF88300B158AA9D4469B7A1DB30ED45CF80
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 05335BA8, Relevance: .2, Instructions: 200COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 21cdb4739e383ff13e6e6c1bddf1bca2a665f434b5ad6282266255c9c89e8182
                                                                                                                                                      • Instruction ID: f0e5b74ff65afed9b4f49281ade90c30a563b511a3b0fba7ee24a3afed111828
                                                                                                                                                      • Opcode Fuzzy Hash: 21cdb4739e383ff13e6e6c1bddf1bca2a665f434b5ad6282266255c9c89e8182
                                                                                                                                                      • Instruction Fuzzy Hash: FC61A371B010018FEB58AFB8A4196BE3BBBABC5355B118429D406DB394DF399D42CB92
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A93C3F8, Relevance: .2, Instructions: 192COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: f276422cf9560fca085bb1dfe09e62ef37a4ce2567d9e97c56fecbe741316d3c
                                                                                                                                                      • Instruction ID: 9ac12604a339474f6ed103495f116f29cf4debacc28d5ed95ac22e4fa948d605
                                                                                                                                                      • Opcode Fuzzy Hash: f276422cf9560fca085bb1dfe09e62ef37a4ce2567d9e97c56fecbe741316d3c
                                                                                                                                                      • Instruction Fuzzy Hash: 2E718D35B016089FCB14DFA8D498AADBBF6EF89315F158469E406EB360CB30AC45CB91
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A93BF20, Relevance: .2, Instructions: 188COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 5a895141af5c0c67a1bc540d3b9f222a6828019d96bedab7c5f213feb97537c7
                                                                                                                                                      • Instruction ID: 796a039aaf1d8f06e26aa4595771b03ef1d83bece009ae627dc5357ada4d9dde
                                                                                                                                                      • Opcode Fuzzy Hash: 5a895141af5c0c67a1bc540d3b9f222a6828019d96bedab7c5f213feb97537c7
                                                                                                                                                      • Instruction Fuzzy Hash: 0F61E132A00215EFCB15DFA4C844DAEBBF6FF89314B1589A9D5059F262DB31ED06CB90
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A938358, Relevance: .2, Instructions: 174COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: b5c8ed54f8c5806bdbc3e6c680e418b58a58e6858efe20d4fbc1ea36d35ec7f4
                                                                                                                                                      • Instruction ID: 30b278fec653d476b59405e5bd06651532f5d853dab0533c18f7a5e684ee1929
                                                                                                                                                      • Opcode Fuzzy Hash: b5c8ed54f8c5806bdbc3e6c680e418b58a58e6858efe20d4fbc1ea36d35ec7f4
                                                                                                                                                      • Instruction Fuzzy Hash: 1B51D132704249AFCB52CFA9D8548FFBFF9EF89210B1484AAE915D7212C731D815DBA1
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A934768, Relevance: .2, Instructions: 170COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 5087875fe9ea0e036cf6685f3e45e33f6590f81f0c779b89067b151a978700e3
                                                                                                                                                      • Instruction ID: 71f88af9f6e870a847bbf974473e6e506d6a8b4250923275ac9df62610d3cb8d
                                                                                                                                                      • Opcode Fuzzy Hash: 5087875fe9ea0e036cf6685f3e45e33f6590f81f0c779b89067b151a978700e3
                                                                                                                                                      • Instruction Fuzzy Hash: 8C614931F00208AFDB14DFA5D844AAEBBF6FF88311F148429E916AB351DB74AC45CB90
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0533D228, Relevance: .2, Instructions: 153COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 2cedf14daf7a8c63ce7661e8176beb858c209a4548b2a16bae1c45ff681c3163
                                                                                                                                                      • Instruction ID: 6798de070cb91ac99c5867a8a67158c8492332a91624fc1542d2e66d2e094a6b
                                                                                                                                                      • Opcode Fuzzy Hash: 2cedf14daf7a8c63ce7661e8176beb858c209a4548b2a16bae1c45ff681c3163
                                                                                                                                                      • Instruction Fuzzy Hash: 7E51D934A0021D9FCB14DFE4E995AEDBBB6FF88354F148429E902AB3A0DB749D41CB51
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A934767, Relevance: .1, Instructions: 148COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 23e4d4c40e5193642e1f29e1fc1bc893c20c0d5b1b0a3aada0c6251b17f15805
                                                                                                                                                      • Instruction ID: 37a02533d6f05f55678044cabd53ca9742665056b9927667217802724475347d
                                                                                                                                                      • Opcode Fuzzy Hash: 23e4d4c40e5193642e1f29e1fc1bc893c20c0d5b1b0a3aada0c6251b17f15805
                                                                                                                                                      • Instruction Fuzzy Hash: D5515731B002089FDB14DFA5D844AAEBBF6FFC8711F24842AE516A7351DB74AC45CB90
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0533E759, Relevance: .1, Instructions: 140COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 8d72da1330875dda55671eb8600ff7cbb07f7d074be8a0191e5ea6d1ff05373a
                                                                                                                                                      • Instruction ID: 70e123230fe57ea979ccdb7804d0190544ddb4ca12d19eff24a1db1b58a90059
                                                                                                                                                      • Opcode Fuzzy Hash: 8d72da1330875dda55671eb8600ff7cbb07f7d074be8a0191e5ea6d1ff05373a
                                                                                                                                                      • Instruction Fuzzy Hash: 8951E338A00209DFCB14DFA4E994AADBBB6FF88314F158554E906AB361DB35EC42DF50
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A938B40, Relevance: .1, Instructions: 140COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: a1e90728e0bd5ff1cd1a861a1e811e6fe903a64efa9d74fd6a5adc711190f5cb
                                                                                                                                                      • Instruction ID: 0cb0ec9a07421cafc8bbda57c7a587fd1576d7a8779af8b3a1ab14fe6f32cebf
                                                                                                                                                      • Opcode Fuzzy Hash: a1e90728e0bd5ff1cd1a861a1e811e6fe903a64efa9d74fd6a5adc711190f5cb
                                                                                                                                                      • Instruction Fuzzy Hash: 38516932B046599FCB11CF69C880AAABBF6FF85320F15C555F8659B2A1C770E944CFA0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A27E288, Relevance: .1, Instructions: 140COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356259306.000000000A270000.00000040.00000001.sdmp, Offset: 0A270000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: b5aedde140d815a6d1b0268b4edea3b44775b842cb03bb187da92a42318a85b1
                                                                                                                                                      • Instruction ID: d859665ea18792712a17ab603a6eabfe45616353716d4b6387f587e4a9a833df
                                                                                                                                                      • Opcode Fuzzy Hash: b5aedde140d815a6d1b0268b4edea3b44775b842cb03bb187da92a42318a85b1
                                                                                                                                                      • Instruction Fuzzy Hash: 75512574A106598FDB15CFA9C884A9DBBF2BF48300F0985A9E849EB761C730ED41CF50
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0533D720, Relevance: .1, Instructions: 127COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: faadff3385ef68d902a124403864c61c990f41308a50d60d7d0de6554f0ff4d5
                                                                                                                                                      • Instruction ID: eecb10adeca0bd9598478364b8c67eab0c846a808b38247d26f787573329beaf
                                                                                                                                                      • Opcode Fuzzy Hash: faadff3385ef68d902a124403864c61c990f41308a50d60d7d0de6554f0ff4d5
                                                                                                                                                      • Instruction Fuzzy Hash: 0F41AD74B042088FD705DFA8D4557AEBBFAEF89310F1484AAD50ADB390DB719C41CB91
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A93C498, Relevance: .1, Instructions: 125COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 3eaa9d95423cb8ea6376fd196ecaf4853e12925ae0a0174187ce3cf3dac8f27b
                                                                                                                                                      • Instruction ID: 9adfa89b1ef93b9eb44b862f49a2cbd749bd39e7e746fdeb3e00c25c3d4ef161
                                                                                                                                                      • Opcode Fuzzy Hash: 3eaa9d95423cb8ea6376fd196ecaf4853e12925ae0a0174187ce3cf3dac8f27b
                                                                                                                                                      • Instruction Fuzzy Hash: 1F512835B016099FCB14DFA8E598AADBBF6BF88315F118558E406AB360DB30EC45CF90
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A93A0D8, Relevance: .1, Instructions: 119COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 39dbf72adf1349c6eff34ee6c60e5e40c3dd3ec7923e4e4665f8eb098d6f3e19
                                                                                                                                                      • Instruction ID: 909e3a0f0f6781dd554801df61bcf5bcfa55a671b7eeb5a28a4ef34bf1415cc1
                                                                                                                                                      • Opcode Fuzzy Hash: 39dbf72adf1349c6eff34ee6c60e5e40c3dd3ec7923e4e4665f8eb098d6f3e19
                                                                                                                                                      • Instruction Fuzzy Hash: 5B4127313006009FC728CF69D88892AB7FAFF89214B154599E546CBB72CB36EC45CB40
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A93C64F, Relevance: .1, Instructions: 115COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 80db9e26364bce41c39fea07f26a530b18f3b7c78886f99c093ed2f2354b5ae7
                                                                                                                                                      • Instruction ID: a80214bbbb1f3ab53d02f66da544ea6a4a78e1089bb25e9ed5bb34344ed6831c
                                                                                                                                                      • Opcode Fuzzy Hash: 80db9e26364bce41c39fea07f26a530b18f3b7c78886f99c093ed2f2354b5ae7
                                                                                                                                                      • Instruction Fuzzy Hash: E241E339A01609AFCB14CFA8E598AADBBB6BF48315F118455E406AB361CB30AD45CB50
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A93EA8B, Relevance: .1, Instructions: 111COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 03f66e831a4f9ad2e5d52dca91df59e53e1341d8a71eeb67e99c0259ea5ff06f
                                                                                                                                                      • Instruction ID: 2da26ab4d9cc8717707c45a5788cd1551f6f9c1d1aded2af4d78c891d1266232
                                                                                                                                                      • Opcode Fuzzy Hash: 03f66e831a4f9ad2e5d52dca91df59e53e1341d8a71eeb67e99c0259ea5ff06f
                                                                                                                                                      • Instruction Fuzzy Hash: 8F418B31A21204DFDB59EB75D851BAD73FABF84344F148929D402AB290DF39AC02CB91
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A9349E0, Relevance: .1, Instructions: 109COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 022ddb3cf0dd3bd21b090ccd85edb08f90614c574d18f91a4de9ed5ea8921a95
                                                                                                                                                      • Instruction ID: ff777e8902de6c3681152fe564d3a710b848655535ed0c80f0e304fa7f7d577f
                                                                                                                                                      • Opcode Fuzzy Hash: 022ddb3cf0dd3bd21b090ccd85edb08f90614c574d18f91a4de9ed5ea8921a95
                                                                                                                                                      • Instruction Fuzzy Hash: 8141F035604295DFCB05CF24D49886EBFB5EF89312B02808AE81AD7362CB34DD45DB92
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A93EA98, Relevance: .1, Instructions: 108COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 8947d177f520e0ca2827ca38c9d2306b0dc5feef34cb2ef7a51d968429430fa3
                                                                                                                                                      • Instruction ID: be3fa3fbd67f5d804bd09e72e7deb69a993772a3e82541e2e645643d83b6985c
                                                                                                                                                      • Opcode Fuzzy Hash: 8947d177f520e0ca2827ca38c9d2306b0dc5feef34cb2ef7a51d968429430fa3
                                                                                                                                                      • Instruction Fuzzy Hash: EC416B31B112089FDB59EB75D851AAE73FABF84344F148929D502AB390DF39AC01CB91
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 053323D9, Relevance: .1, Instructions: 107COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: e54734080beabf336a47de3954b9638ce58afd4372476755266608c981c5ed54
                                                                                                                                                      • Instruction ID: 4577619a494d6fb9a39fb96b1f6d3f4f9094c1002f71f7ee9389b2fc98161fef
                                                                                                                                                      • Opcode Fuzzy Hash: e54734080beabf336a47de3954b9638ce58afd4372476755266608c981c5ed54
                                                                                                                                                      • Instruction Fuzzy Hash: CB319FB8B101049FCB08EB74E4A956EBBFAEBC93057544469F90ADB340DF359C028B91
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A93E1D8, Relevance: .1, Instructions: 106COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 1f09affeccc074aa033ca7982b794ca62dfb75d8c3a2cad72ae304002282f30e
                                                                                                                                                      • Instruction ID: 73116c17941672081a0e33e32a6b2f2a10d32ea9966dbc8b7cc5534e5230cc63
                                                                                                                                                      • Opcode Fuzzy Hash: 1f09affeccc074aa033ca7982b794ca62dfb75d8c3a2cad72ae304002282f30e
                                                                                                                                                      • Instruction Fuzzy Hash: 10416D31B002088FDB50DFA4D85069EB3EAAFC4308F59DDA8D4165F368DF74AC068B95
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0533525F, Relevance: .1, Instructions: 103COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: d73195e15b19c99296b2854db506c31441df4746436c5fcccae1d0fa212d35ff
                                                                                                                                                      • Instruction ID: 6d660f8f45550f24d8b904c5929a9c7c3b3be3ea824f70f0d7fbdb0bdf0c5dbe
                                                                                                                                                      • Opcode Fuzzy Hash: d73195e15b19c99296b2854db506c31441df4746436c5fcccae1d0fa212d35ff
                                                                                                                                                      • Instruction Fuzzy Hash: 1F3104326043499BDB11EF64EC91ADD77E9EFD12087488EA9D5068F364EB70AC0AC7D1
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 053350C0, Relevance: .1, Instructions: 96COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: d46f754c429620f5d7c371581646559508734f49736de0ab73f3e96d76e879a0
                                                                                                                                                      • Instruction ID: 48421dcafa495b6ee537c05897b459c722fdc7b3070155778be628bfc6fff35b
                                                                                                                                                      • Opcode Fuzzy Hash: d46f754c429620f5d7c371581646559508734f49736de0ab73f3e96d76e879a0
                                                                                                                                                      • Instruction Fuzzy Hash: 83415DB5900209EFCF41DFE0E94AA9DBFB6FB88305F044455E901AB260DB3A6D15DF61
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 05337D38, Relevance: .1, Instructions: 96COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 1edebd85f35b08c454798d139604cb6e5edb9f2dbee48ab273066d5bcb662b06
                                                                                                                                                      • Instruction ID: 50d89516fbc8e288142a540191612b82808fcd9314387b72cb964b37e7b2c71e
                                                                                                                                                      • Opcode Fuzzy Hash: 1edebd85f35b08c454798d139604cb6e5edb9f2dbee48ab273066d5bcb662b06
                                                                                                                                                      • Instruction Fuzzy Hash: 2B3150B47042088FDB58EFA4D459AAE7BFAEF88714F140468E9079B3A0CF769D41CB51
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 05330AE8, Relevance: .1, Instructions: 93COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 188f397ed1173a26ba6eb7ceecb94a788d832ef5694ffaaafdbb1ae9167113f5
                                                                                                                                                      • Instruction ID: efc922d99e4c6aecdeb129219a1bb41c2455c8434a1699ca0e90db8b48c8f44c
                                                                                                                                                      • Opcode Fuzzy Hash: 188f397ed1173a26ba6eb7ceecb94a788d832ef5694ffaaafdbb1ae9167113f5
                                                                                                                                                      • Instruction Fuzzy Hash: BE31A6B0B042059FC718CB69C899A6ABBF6FF85305B1185A9E146DB3A1DB70EC41C790
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 053350D7, Relevance: .1, Instructions: 93COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: ab11cd30fb09cd44d8348b4877d733a986240f7f197c60ca0c16e35e8a0f1fbd
                                                                                                                                                      • Instruction ID: f8a797a18585d3ee0839d9d60a52b19aa8aea7dfa22016761487f4285e517648
                                                                                                                                                      • Opcode Fuzzy Hash: ab11cd30fb09cd44d8348b4877d733a986240f7f197c60ca0c16e35e8a0f1fbd
                                                                                                                                                      • Instruction Fuzzy Hash: 1C413BB5900109EFCF45DFE0E94AA9D7FB6FB88305F444455E901AB220DB3A5D12DF60
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 053372F0, Relevance: .1, Instructions: 93COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 4aaa8877ab96ed15c1e17e757e3be5ffad389c023261d9f1dd1b8ba3e4dbc380
                                                                                                                                                      • Instruction ID: d6407a3b047a356f49dc5e2dd8d7000e8865f17e65bf5227ac137213d0786521
                                                                                                                                                      • Opcode Fuzzy Hash: 4aaa8877ab96ed15c1e17e757e3be5ffad389c023261d9f1dd1b8ba3e4dbc380
                                                                                                                                                      • Instruction Fuzzy Hash: FA2143B97052149FCB156BB8E4196AE7BBEEBCA329B140869E806CB340DF354C038790
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 05337E81, Relevance: .1, Instructions: 93COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 0605708924c6b95c33630a323b3b176e434fbcf4210fa5d10a1e4cf3a788c845
                                                                                                                                                      • Instruction ID: f311cda3996c397c195de5151615c5ae8a16f604bd912832afd6a85976a80805
                                                                                                                                                      • Opcode Fuzzy Hash: 0605708924c6b95c33630a323b3b176e434fbcf4210fa5d10a1e4cf3a788c845
                                                                                                                                                      • Instruction Fuzzy Hash: 233103747053444FD715A7B4A85926E3BEA9FC9219B048C7AD406CF790EF789C078792
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A93FB88, Relevance: .1, Instructions: 91COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: ec6d5d6f6e7ed5fc4f617b2901ceb8750e55dbaf3741d8d2b684ebb09b629cd0
                                                                                                                                                      • Instruction ID: a7fcd70f31663c591c21403ec5e1a1fd5d40686428878f2dd7206cc64021772e
                                                                                                                                                      • Opcode Fuzzy Hash: ec6d5d6f6e7ed5fc4f617b2901ceb8750e55dbaf3741d8d2b684ebb09b629cd0
                                                                                                                                                      • Instruction Fuzzy Hash: F4210675B002085FDB15EBB8D8945AE7BEBEFC9215B24882DD40ACB380CF345C078751
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0533B0C0, Relevance: .1, Instructions: 89COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: b77b2ddc239065e304be0155dfd0a19980122b37cc4fa38844a58794f3b3f1aa
                                                                                                                                                      • Instruction ID: fa59c39ab8a48914a5a74336762c30da3b8e74fdd388a9e7718212dc2fb24a9b
                                                                                                                                                      • Opcode Fuzzy Hash: b77b2ddc239065e304be0155dfd0a19980122b37cc4fa38844a58794f3b3f1aa
                                                                                                                                                      • Instruction Fuzzy Hash: 0B316B31D1074A9ACB11EFB8C851299B7B1BF9A324F24972AD45A7B240EB34B5D0CB80
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0533B0D0, Relevance: .1, Instructions: 85COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 5703e85bdc7c8030a8e0dc7ac5f1276e51fd29b6619126fd6a19dba24a6f3345
                                                                                                                                                      • Instruction ID: 8e22ae0fd1a0b4b51b2e7597458ae733b1d03a20a75438d1d50f64ec44ca0d33
                                                                                                                                                      • Opcode Fuzzy Hash: 5703e85bdc7c8030a8e0dc7ac5f1276e51fd29b6619126fd6a19dba24a6f3345
                                                                                                                                                      • Instruction Fuzzy Hash: 92317A31D10B4A9BCB10EFB9C841299B3B1FF9A324F249719E55A7B200EB74B5D0CB80
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 05335110, Relevance: .1, Instructions: 83COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 1584a3b37b57fad148a18440275f4af5bf5ba48d72e760b70f89efd4c6dedd9f
                                                                                                                                                      • Instruction ID: 677f6426c0bc670d02b8ce3a47649e11b23fe996af66f8e9002e21ad169859f0
                                                                                                                                                      • Opcode Fuzzy Hash: 1584a3b37b57fad148a18440275f4af5bf5ba48d72e760b70f89efd4c6dedd9f
                                                                                                                                                      • Instruction Fuzzy Hash: 95313AB5900109EFCF45DFE0E94AA9DBFB6FB88305F048815EA01AB220DB366D15DF60
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 05335F40, Relevance: .1, Instructions: 83COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 473169c7a7a719d720c50ba613e35bf2730e0b9a3db6349431a154b6e8c592d0
                                                                                                                                                      • Instruction ID: 621f2195ed5b0e2c8944c7dccf28753d65210f8d36cd06b3db0c0862f1f5140e
                                                                                                                                                      • Opcode Fuzzy Hash: 473169c7a7a719d720c50ba613e35bf2730e0b9a3db6349431a154b6e8c592d0
                                                                                                                                                      • Instruction Fuzzy Hash: CE21FCB2A093408FD7019F74D8157697FBAAF86312B0544FBD089CB751DE399D41CB61
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 053383A8, Relevance: .1, Instructions: 82COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 844c44a193744b6310dff5a81283f2921ec31aae33c3e1eaa703e38a889d6e78
                                                                                                                                                      • Instruction ID: 7a354e55f843353e2f02d543a92515dd2c820a9d1a9eb96b7e088a9d97747b76
                                                                                                                                                      • Opcode Fuzzy Hash: 844c44a193744b6310dff5a81283f2921ec31aae33c3e1eaa703e38a889d6e78
                                                                                                                                                      • Instruction Fuzzy Hash: F431D431F0064A8BDB11EFB8D8142AAF3B1FF85304F108629D856A7740EB74A992CB81
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 05337D28, Relevance: .1, Instructions: 81COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: c2e8db98e658f758027fe74f8788db28fe612b1a8c4398a3d30d6c2501db3d53
                                                                                                                                                      • Instruction ID: 404b3ef2eaa0421b9ee6c9fc997d132c1370a5fd2e3d4f941233e51afdb8efd5
                                                                                                                                                      • Opcode Fuzzy Hash: c2e8db98e658f758027fe74f8788db28fe612b1a8c4398a3d30d6c2501db3d53
                                                                                                                                                      • Instruction Fuzzy Hash: DF314FB57042088FDB58DFA4D4A9BAA7BFAFF88714F140468E5029B360CB769D45CB50
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 053383B8, Relevance: .1, Instructions: 80COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 969f5188cbc729f5439c29092226b1de15032a9c4a920ddf7e9ad4093e9db353
                                                                                                                                                      • Instruction ID: 2108b25aa9eaa3eabf02f118942cc165ded80179ff004c676b89042512f64862
                                                                                                                                                      • Opcode Fuzzy Hash: 969f5188cbc729f5439c29092226b1de15032a9c4a920ddf7e9ad4093e9db353
                                                                                                                                                      • Instruction Fuzzy Hash: C9319831F0060A8BCB15EFB4D8142AEF3B5FF85304F108529D556B7740EB74A996CB91
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A93F108, Relevance: .1, Instructions: 80COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: f3f0071dbb7c31bedf96e9423b9288ef5e2639f88ed16ebaaa6d13e14a14da82
                                                                                                                                                      • Instruction ID: d67bc94357f63602e3761e18ec39e4ae55a402f123dffd8d224bdc484aad1a19
                                                                                                                                                      • Opcode Fuzzy Hash: f3f0071dbb7c31bedf96e9423b9288ef5e2639f88ed16ebaaa6d13e14a14da82
                                                                                                                                                      • Instruction Fuzzy Hash: 862179757047505FC32A9779AC944AEBBA6EFC6224728897ED149CB3A1CA209C06C791
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0533F110, Relevance: .1, Instructions: 79COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 6bc739692815f06427fe632126b40c2c480f7b5aebe4d655104eade8a952b6cd
                                                                                                                                                      • Instruction ID: 1a7b1eaa98205449b46a8b23992dc5f52c4820cf9bb30e3cd2db88d815b46712
                                                                                                                                                      • Opcode Fuzzy Hash: 6bc739692815f06427fe632126b40c2c480f7b5aebe4d655104eade8a952b6cd
                                                                                                                                                      • Instruction Fuzzy Hash: 51216B34B0020A9FDB15DF64D8859AA7BB5FF88360F508069E9028B361CB74D941CB90
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A93D330, Relevance: .1, Instructions: 79COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 20565882cccbaa6532ea342a14db4009c1e51112f284702a1a083cadfef31c63
                                                                                                                                                      • Instruction ID: 49db4133ddab5d533707823cd13ba734475c80768cff92b146d2b3ce9e305882
                                                                                                                                                      • Opcode Fuzzy Hash: 20565882cccbaa6532ea342a14db4009c1e51112f284702a1a083cadfef31c63
                                                                                                                                                      • Instruction Fuzzy Hash: EB21C4357101149FDB14DBA8D4687AD7BFAEFC8704F1444A9D506EB3A0CF748D018B91
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A93B028, Relevance: .1, Instructions: 79COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 0d1b02827ad1fd07d078cbc8626cee4527b29707f65709928c2160232d21f3cf
                                                                                                                                                      • Instruction ID: 35ada44660af659612185aaa073ebbb4b0aebe10569d84da77af316d4c8425af
                                                                                                                                                      • Opcode Fuzzy Hash: 0d1b02827ad1fd07d078cbc8626cee4527b29707f65709928c2160232d21f3cf
                                                                                                                                                      • Instruction Fuzzy Hash: 1821E136B002088FCB08DF74D89557E7BF5FF89201B0045A9D816EBB62DB309C01CB81
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 04F3D824, Relevance: .1, Instructions: 77COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.349772285.0000000004F3D000.00000040.00000001.sdmp, Offset: 04F3D000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: fc8c6d715657850db64584292c7f7cdb71fea3f12ab4e1b615a54e604c4b81c8
                                                                                                                                                      • Instruction ID: e76a0be4faa5c0b473c83e2f719ecbb53cd278e213c47c3b34419345995ef35a
                                                                                                                                                      • Opcode Fuzzy Hash: fc8c6d715657850db64584292c7f7cdb71fea3f12ab4e1b615a54e604c4b81c8
                                                                                                                                                      • Instruction Fuzzy Hash: 74212872A04244EFDF05CF54D9C0B16BBA5FB88318F2486A9ED490B245C336F856CBA1
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 04F3D4DC, Relevance: .1, Instructions: 75COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.349772285.0000000004F3D000.00000040.00000001.sdmp, Offset: 04F3D000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: db25cd165c77853c987b35030430c43269bc3dd67278263264a236d569200207
                                                                                                                                                      • Instruction ID: af1ba3de4a14cb633890d1ba6c2728ce7a49aa97f35efbaa72f32c2dc208ffca
                                                                                                                                                      • Opcode Fuzzy Hash: db25cd165c77853c987b35030430c43269bc3dd67278263264a236d569200207
                                                                                                                                                      • Instruction Fuzzy Hash: A5214972604204DFCB45DF10D9C0F27BFA6FB88329F2485A9E8050B246C336E857CBA2
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0533B478, Relevance: .1, Instructions: 74COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: e87ec10745b1fd8521878af2252980a57bbb8a16ee9ac73ffcd0406b0ec39810
                                                                                                                                                      • Instruction ID: 7656ea73efa613048e8d814f5d9ae1630a0ceb161f7cb11d8538a5f2fa3d9943
                                                                                                                                                      • Opcode Fuzzy Hash: e87ec10745b1fd8521878af2252980a57bbb8a16ee9ac73ffcd0406b0ec39810
                                                                                                                                                      • Instruction Fuzzy Hash: 38219AB0718285CBD7196BB5A47B33A7FAEAB45705F04042DF4478EA81DE7A8841CB52
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0533B467, Relevance: .1, Instructions: 74COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 9b5bcac713ef8ad85c9a8049c4eb3ebbf705ff2b077205558e0a6c1a47659e75
                                                                                                                                                      • Instruction ID: 941cc9000ab7a040587dbf7ba82f010cafce087a5fdcce336233594918273875
                                                                                                                                                      • Opcode Fuzzy Hash: 9b5bcac713ef8ad85c9a8049c4eb3ebbf705ff2b077205558e0a6c1a47659e75
                                                                                                                                                      • Instruction Fuzzy Hash: CB21C4B0718285CBD71A6BB1B47B2397F7E6F06305B04055DF4978EA51DF3A8801CB12
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A930006, Relevance: .1, Instructions: 73COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 4045710c2662496e856e13126efa4b7e2a87ae4beacd8a549c712a9c32d742c8
                                                                                                                                                      • Instruction ID: 34940bae76fd48ceae3c204adea39b0626eb8936ac47179dc29a782f21740046
                                                                                                                                                      • Opcode Fuzzy Hash: 4045710c2662496e856e13126efa4b7e2a87ae4beacd8a549c712a9c32d742c8
                                                                                                                                                      • Instruction Fuzzy Hash: FB21B231A093818FD712CB74C954BAABFF5AF47214F0984EAC485CB5A3D339A909CF51
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 05330ADB, Relevance: .1, Instructions: 72COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: d0197daa5976457103aa02e46a1cbad7552059faa5fd733cb5821855b1770a1c
                                                                                                                                                      • Instruction ID: b42fe15f119c1356850a667f3158f75a620a622827be971d90b2f315e11cae08
                                                                                                                                                      • Opcode Fuzzy Hash: d0197daa5976457103aa02e46a1cbad7552059faa5fd733cb5821855b1770a1c
                                                                                                                                                      • Instruction Fuzzy Hash: EA219574A002099FDB18CB59C949A7EB7F6FF84319F118569E505EB2A0DB70EC40C795
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 04F4D3F4, Relevance: .1, Instructions: 72COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.349797331.0000000004F4D000.00000040.00000001.sdmp, Offset: 04F4D000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 6055c10d2b8714b1d6f92c22066569515db104e6f3dd1357fed8615fe4b6a72f
                                                                                                                                                      • Instruction ID: f8b19018e438cb32ed1b8b6e40bd8b507c8e25cece19e92390f840814264496d
                                                                                                                                                      • Opcode Fuzzy Hash: 6055c10d2b8714b1d6f92c22066569515db104e6f3dd1357fed8615fe4b6a72f
                                                                                                                                                      • Instruction Fuzzy Hash: 0E21F272604244DFCB00CF54D9C4B1BBFA9EBC4324F24C9A9D8090B256CB3AF846CAA1
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 04F4D5A4, Relevance: .1, Instructions: 72COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.349797331.0000000004F4D000.00000040.00000001.sdmp, Offset: 04F4D000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: eadb9669b9917b045f757b8e3092f0bfec8ba62127ff0ec859dcfd34a0bdddd6
                                                                                                                                                      • Instruction ID: e3b04bfb28d8ab5ad01ce703287834209fcb142845a40757267395b4444cda00
                                                                                                                                                      • Opcode Fuzzy Hash: eadb9669b9917b045f757b8e3092f0bfec8ba62127ff0ec859dcfd34a0bdddd6
                                                                                                                                                      • Instruction Fuzzy Hash: 9421F571604244DFDB40CF14D9D4B16BFA5FBC4318F24C9A9D9094B251CF3AE846CA61
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A932FC0, Relevance: .1, Instructions: 71COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: f8e166cace1ea617f9edd9eddbd209d5703c064f3e42a20d369160c6de0fb35b
                                                                                                                                                      • Instruction ID: 3e2490938d29c98e8d2577b5b6e1a954a8782d1d3f7254864bd9c231b7e735a7
                                                                                                                                                      • Opcode Fuzzy Hash: f8e166cace1ea617f9edd9eddbd209d5703c064f3e42a20d369160c6de0fb35b
                                                                                                                                                      • Instruction Fuzzy Hash: 5C219D356042889FC701DF68D894D9ABFF5EF8A324719849AE549CF362CB31EC06CB91
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A934A3B, Relevance: .1, Instructions: 66COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: d7539fb94f5f478e3786f1adaca5ea8c25d9f09bf4de3376332236b501193623
                                                                                                                                                      • Instruction ID: 0d760ea3e293584c1832953055084eb476fc140bed3d6b5c9a0cf5f9b5cbf973
                                                                                                                                                      • Opcode Fuzzy Hash: d7539fb94f5f478e3786f1adaca5ea8c25d9f09bf4de3376332236b501193623
                                                                                                                                                      • Instruction Fuzzy Hash: 842159796041A1DFCB05CF55D08886EBFB2FF88351B058096E81597362CB34DE45EB92
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A934A40, Relevance: .1, Instructions: 66COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 09cf3065ac1e7df88a894181c71a17b395f7df9b100be303b57943667124f508
                                                                                                                                                      • Instruction ID: e423b7e8fd1e4924ec53299ba0cd14036c267acc4fa1a34159fad5bf8b1617b6
                                                                                                                                                      • Opcode Fuzzy Hash: 09cf3065ac1e7df88a894181c71a17b395f7df9b100be303b57943667124f508
                                                                                                                                                      • Instruction Fuzzy Hash: 32217C75604195DFCB05CF15D088C6EBFB2FF88351B058086E81597361CB34EE45EB92
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A93C160, Relevance: .1, Instructions: 66COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 989c5963c180e51d9268016717d7225f7cfefffb5d71d995b2e1f0701ea5d215
                                                                                                                                                      • Instruction ID: 40b8157cca604a2955e9f737deac11c7e4aaae820e08f2e8bd837d4054a8647f
                                                                                                                                                      • Opcode Fuzzy Hash: 989c5963c180e51d9268016717d7225f7cfefffb5d71d995b2e1f0701ea5d215
                                                                                                                                                      • Instruction Fuzzy Hash: 6E11B772B005089FDB149BA5D9586AEB7FEEFC8305F148069E906F7380DF348D058B91
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A27F5AB, Relevance: .1, Instructions: 66COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356259306.000000000A270000.00000040.00000001.sdmp, Offset: 0A270000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 126132b2f9148f5cebbf110d13f8090d71a7d9b20addabe0890c2019d4679a8d
                                                                                                                                                      • Instruction ID: 91fdc35bbc5236020d2d044c45e4eefe6362d0c23b5850709c808735c0c338da
                                                                                                                                                      • Opcode Fuzzy Hash: 126132b2f9148f5cebbf110d13f8090d71a7d9b20addabe0890c2019d4679a8d
                                                                                                                                                      • Instruction Fuzzy Hash: C3218E316106009FC729CF29D584E5ABBF6FF88310B05C5A9E45ADB662CB30ED04CF40
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A93AC50, Relevance: .1, Instructions: 62COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: f5ebf88a8164d5b4d61ebf9093ce2ab4efce35f0230392e16f2e1dccc283a242
                                                                                                                                                      • Instruction ID: de94a0f890c1f234da56852434191a52318dc2bec52c803534d9a34f744047a0
                                                                                                                                                      • Opcode Fuzzy Hash: f5ebf88a8164d5b4d61ebf9093ce2ab4efce35f0230392e16f2e1dccc283a242
                                                                                                                                                      • Instruction Fuzzy Hash: 85112532B041185F8660EBA8D8608BEB2EEAFC4944704CD29C746AFB10DF76AC0187D2
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0533A558, Relevance: .1, Instructions: 60COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: c15bc7427e2bd4f30deb0bb79c50e3517406e6cfc3fd24212a4ed93eb6de7ae4
                                                                                                                                                      • Instruction ID: f35b3e07d1f565e32e0aade73fb78fc3e3860c792a8845ef0171092f2b5d21d3
                                                                                                                                                      • Opcode Fuzzy Hash: c15bc7427e2bd4f30deb0bb79c50e3517406e6cfc3fd24212a4ed93eb6de7ae4
                                                                                                                                                      • Instruction Fuzzy Hash: 80113A70B042445FD705ABB498297AE3FBA8F85300F5084A6E846CF3C1DF358D028792
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0533B940, Relevance: .1, Instructions: 60COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 084cad93f09ab86aff3ac0461f1255378d01566a0471583f6342da40a27161f0
                                                                                                                                                      • Instruction ID: 09b81bb281aa388330bf18fe47a81ef80e68b382c149b82471e3d50668a354a1
                                                                                                                                                      • Opcode Fuzzy Hash: 084cad93f09ab86aff3ac0461f1255378d01566a0471583f6342da40a27161f0
                                                                                                                                                      • Instruction Fuzzy Hash: E5113D30B0060A9BC704EF64D8A099EB3EABFC4209B144D25D1469B764EB70BD0A87D5
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 053330C7, Relevance: .1, Instructions: 59COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 462389cd920ed42ee1d9f3792a68460281cd3ffd330de90572f5340aa3f36186
                                                                                                                                                      • Instruction ID: da37e55cd0f0399336262a6bf66a233e106236ac75451b65762e5c9e890e0035
                                                                                                                                                      • Opcode Fuzzy Hash: 462389cd920ed42ee1d9f3792a68460281cd3ffd330de90572f5340aa3f36186
                                                                                                                                                      • Instruction Fuzzy Hash: 40113A712183044FD7106B65E85A7577FEDEB85315F048D2DF54ACB641CF72584187A1
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 05335310, Relevance: .1, Instructions: 59COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: a01d6d3abadbf97d7934b49d5ffdbab1b89312239de97791bf7e64e241c0bfb9
                                                                                                                                                      • Instruction ID: ceb210dfb5b6f8a2a08b1ef784be60972b1cf98ee0e216d909af0c8da3222829
                                                                                                                                                      • Opcode Fuzzy Hash: a01d6d3abadbf97d7934b49d5ffdbab1b89312239de97791bf7e64e241c0bfb9
                                                                                                                                                      • Instruction Fuzzy Hash: 1C11573160464D5BC720DF69E8909DF73EEAFC5218B048E68E5465B724DF70BD0A8BD1
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A938F60, Relevance: .1, Instructions: 58COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 8914d8e2c0f93d413a2885001cc0398b929eea3f308789b22235cb941405110f
                                                                                                                                                      • Instruction ID: a2e761aae059da7316130d5e617222b79be69ad9e909bd5fc0efc6384ac07e9b
                                                                                                                                                      • Opcode Fuzzy Hash: 8914d8e2c0f93d413a2885001cc0398b929eea3f308789b22235cb941405110f
                                                                                                                                                      • Instruction Fuzzy Hash: 3901A973B002285F8B14DE96D8509AFB7BEFFC4660B05C92AE605AB244CB75EC009BD1
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 04F3D81F, Relevance: .1, Instructions: 58COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.349772285.0000000004F3D000.00000040.00000001.sdmp, Offset: 04F3D000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 3b129a33a03cc1e3cad9c3ab3675ed762fbe3e40cdad30ae5f82ced4256426cf
                                                                                                                                                      • Instruction ID: 0ea89f548c28e2b7f7bb5b6904680a117776f603b9b00060375f56a31628c713
                                                                                                                                                      • Opcode Fuzzy Hash: 3b129a33a03cc1e3cad9c3ab3675ed762fbe3e40cdad30ae5f82ced4256426cf
                                                                                                                                                      • Instruction Fuzzy Hash: 2621A276904280DFCF16CF14D9C4B16BF71FB88314F2486A9D9480B656C33AE466CFA1
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A93AC43, Relevance: .1, Instructions: 57COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: a0fa81ec263aa3db5c427c8dabe70f3388814f26e1bd26af9fe753e5761a2afd
                                                                                                                                                      • Instruction ID: e61239cf900afba65a79c4e1baa823cdb7c18444cf8133e120980abb6c3d2717
                                                                                                                                                      • Opcode Fuzzy Hash: a0fa81ec263aa3db5c427c8dabe70f3388814f26e1bd26af9fe753e5761a2afd
                                                                                                                                                      • Instruction Fuzzy Hash: 5C1108327042185FC720EB64D46087EB7FAAFC56457058D69C685AFA21DF36AC0187D2
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0533CD02, Relevance: .1, Instructions: 56COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: d647e26fd0ce91c2ebca1a727551c6efc8e925d8064dabf55384c09e5dbea648
                                                                                                                                                      • Instruction ID: 6bb48d6fd8475fba747ec7be20c52984307813b3a8132b545e3f521444f5e868
                                                                                                                                                      • Opcode Fuzzy Hash: d647e26fd0ce91c2ebca1a727551c6efc8e925d8064dabf55384c09e5dbea648
                                                                                                                                                      • Instruction Fuzzy Hash: 1F11CE343003448FC7159BB0A85576A7BE7FFC921AF14486DE5438F2A0CFB1AC468B51
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A93D4B0, Relevance: .1, Instructions: 56COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 4b449fceacf1fa687e9919fc64d0eb97ad3b4cd18bcf8fa2099dba68550ce29f
                                                                                                                                                      • Instruction ID: d350191b693f4bfd86dc490c5fa72ef03ed9ebf8add734c9aee92410bff3a469
                                                                                                                                                      • Opcode Fuzzy Hash: 4b449fceacf1fa687e9919fc64d0eb97ad3b4cd18bcf8fa2099dba68550ce29f
                                                                                                                                                      • Instruction Fuzzy Hash: 04113675B006049F8334DF69D894857B7FAAB882243148F69E45AC77A5EB30FC068BA0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 04F3D4D7, Relevance: .1, Instructions: 56COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.349772285.0000000004F3D000.00000040.00000001.sdmp, Offset: 04F3D000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 26050ac9a710059c9b477200a138371d2ae940eb4f2ea16139302a11668e0a51
                                                                                                                                                      • Instruction ID: 2c90f4d17d6c2e018d7f72ff57329e3895026493c4aca02f17e061dd2269889a
                                                                                                                                                      • Opcode Fuzzy Hash: 26050ac9a710059c9b477200a138371d2ae940eb4f2ea16139302a11668e0a51
                                                                                                                                                      • Instruction Fuzzy Hash: 4611D376904280CFCB16CF10D5C4B16BF72FB84328F24C6A9D8094B656C336E55ACBA2
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 04F4D3EF, Relevance: .1, Instructions: 53COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.349797331.0000000004F4D000.00000040.00000001.sdmp, Offset: 04F4D000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 7c2294b66a47df8048f3541386f3242a762010af1a421789276100545afd650a
                                                                                                                                                      • Instruction ID: 1b34104b09409bb60c1806000bea3e747c2002070872b7fca5511e8502810012
                                                                                                                                                      • Opcode Fuzzy Hash: 7c2294b66a47df8048f3541386f3242a762010af1a421789276100545afd650a
                                                                                                                                                      • Instruction Fuzzy Hash: 77118F76905280DFDB11CF14D5C4B1AFF71FB84324F28C6AAD8494B656C33AE44ACBA2
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 04F4D59F, Relevance: .1, Instructions: 53COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.349797331.0000000004F4D000.00000040.00000001.sdmp, Offset: 04F4D000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: abe3a79b71d5a6ab5434c2c550ac10f7a27ed0520e362bee17f3833a5207920d
                                                                                                                                                      • Instruction ID: 7eba1c84ba797aa9622a35f908b3e16dbcafcaf35638343114944257733ffa95
                                                                                                                                                      • Opcode Fuzzy Hash: abe3a79b71d5a6ab5434c2c550ac10f7a27ed0520e362bee17f3833a5207920d
                                                                                                                                                      • Instruction Fuzzy Hash: 5D11BB75904284CFDB01CF14D6D4B15BFA1FB84328F28C6AAD8494B656C73AE44ACF61
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A931658, Relevance: .1, Instructions: 53COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 14b66959699a46abdaec968f056e56b750078f8b7df2eef7937d984dbc251952
                                                                                                                                                      • Instruction ID: 2c9715c592769b31a677b2430cc519ecfd3ae3e9938f0df7aea5559c5ea422c8
                                                                                                                                                      • Opcode Fuzzy Hash: 14b66959699a46abdaec968f056e56b750078f8b7df2eef7937d984dbc251952
                                                                                                                                                      • Instruction Fuzzy Hash: 4C11CE36A002459FCF44DFB5D8188BFBFF9EBC8300B14856AD509D7261E6308905CBA1
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 05333F4A, Relevance: .1, Instructions: 52COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: b0ae81062e3cee3f6b8df5826f03acbed5d92959c354a80e1977fddea0e158e7
                                                                                                                                                      • Instruction ID: 2c27dc981dd4be119f7637d7487c661e67da8f1878cfdbc52d6edb4cdcf7902b
                                                                                                                                                      • Opcode Fuzzy Hash: b0ae81062e3cee3f6b8df5826f03acbed5d92959c354a80e1977fddea0e158e7
                                                                                                                                                      • Instruction Fuzzy Hash: 7801E1B12041454B9B08A774E5A01BEBBFBEFC421A7888E2CE54BCF684DE317C078791
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0533CD10, Relevance: .1, Instructions: 51COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 88f1f9d9ec36f488ad373da8838c74410825926206b0e50cb71075c302adf700
                                                                                                                                                      • Instruction ID: 0be89867ca845af21fe204492e5d95bec7a3ccc65a5e8dd07ca80bc0af5fb74a
                                                                                                                                                      • Opcode Fuzzy Hash: 88f1f9d9ec36f488ad373da8838c74410825926206b0e50cb71075c302adf700
                                                                                                                                                      • Instruction Fuzzy Hash: 3E018E343007489FC7149BB5A85572AB7EBEFC921AF14482CE5479B790CFB1BC468791
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0533F338, Relevance: .1, Instructions: 51COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 6f2b5624773018d87703a93b6741c7c9b4d6aa46f5e7964f570cc3d4224fe5ac
                                                                                                                                                      • Instruction ID: 2c30ec748ea9b07aef2644cf49402dcf34e7532fcdffc898c49650ab8fc03e82
                                                                                                                                                      • Opcode Fuzzy Hash: 6f2b5624773018d87703a93b6741c7c9b4d6aa46f5e7964f570cc3d4224fe5ac
                                                                                                                                                      • Instruction Fuzzy Hash: 93116931B402108FCB14DFA9D889DA9BBB9FF9972075640A9E805DB372C771EC41CB90
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A93F690, Relevance: .1, Instructions: 51COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 60fa1e9a0bdbfbd0011e8b750aa34278cd0600a53a239b3d52344c32d53a200c
                                                                                                                                                      • Instruction ID: c99310d31b617b4e394a42a21b95a5048c728eebc9209dbb443ce98b39d39c6c
                                                                                                                                                      • Opcode Fuzzy Hash: 60fa1e9a0bdbfbd0011e8b750aa34278cd0600a53a239b3d52344c32d53a200c
                                                                                                                                                      • Instruction Fuzzy Hash: 8201AD32A4D2C29FCB02CBB8D862699BFB0EE0720070900EAC585DF153E6305A55CBE2
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A931668, Relevance: .0, Instructions: 50COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: d32f1580067bd3bf16d658041d5a82a287271f9268983628f9f39871cc8f0695
                                                                                                                                                      • Instruction ID: 477cbf22f084d9c7689470102b4de75f1a9cdef2dbf8f40eb6ea973252222f09
                                                                                                                                                      • Opcode Fuzzy Hash: d32f1580067bd3bf16d658041d5a82a287271f9268983628f9f39871cc8f0695
                                                                                                                                                      • Instruction Fuzzy Hash: 42115E767002199F8F44DFA5D8488AEBBFAFBC8710714852AE909D7250EB309905CBD1
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A932FF0, Relevance: .0, Instructions: 50COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 121f0a5ddcc1aa0b2ea6c905b40f5665629ce585f02a4481c2db3c810620d982
                                                                                                                                                      • Instruction ID: c1fb33d722d5877f3c558e9655bc8a744d683005049907afed592922de5e3ad2
                                                                                                                                                      • Opcode Fuzzy Hash: 121f0a5ddcc1aa0b2ea6c905b40f5665629ce585f02a4481c2db3c810620d982
                                                                                                                                                      • Instruction Fuzzy Hash: 8A1170356002099FC704DF68D884D9EBBF6FF89324B1485A9E909DB361CB71ED06CB90
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A93BCA0, Relevance: .0, Instructions: 50COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: d5da0a0358d06002e19183f603952b740d41da9de186d6e1fb1eb296f7b3a91e
                                                                                                                                                      • Instruction ID: fd469b1198f3ca1a319a6eb1bd94631e808ebc4882efe5feb0d9dc81b99b29ab
                                                                                                                                                      • Opcode Fuzzy Hash: d5da0a0358d06002e19183f603952b740d41da9de186d6e1fb1eb296f7b3a91e
                                                                                                                                                      • Instruction Fuzzy Hash: F8018472B0011D5F9B14EAA9AC40AFFF7FDEBC4250F10443AD615D3240DB719D1587A1
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0533B92F, Relevance: .0, Instructions: 47COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 10cd765a9c377bd45b9acbc8ead36f1e9f6589d0fe6594a11c4282b21d721fd7
                                                                                                                                                      • Instruction ID: c5b6c41e0013d7313d439154a2eb4d2626073a33bc3f2b301bf1bf695945ed57
                                                                                                                                                      • Opcode Fuzzy Hash: 10cd765a9c377bd45b9acbc8ead36f1e9f6589d0fe6594a11c4282b21d721fd7
                                                                                                                                                      • Instruction Fuzzy Hash: 1701FC30A0071A9FC714DF64D8A199EBBF9FFC12187144969D482DB260EB706C06CBD1
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A93C350, Relevance: .0, Instructions: 47COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 4d51abd6d0ef472e822df52ecf6c8ea5c1495e9557105f88ee98f4491b4b4eec
                                                                                                                                                      • Instruction ID: 87e13347cb19a391bef96b1acb943663e062c412f354a260a56bede7ccd4043d
                                                                                                                                                      • Opcode Fuzzy Hash: 4d51abd6d0ef472e822df52ecf6c8ea5c1495e9557105f88ee98f4491b4b4eec
                                                                                                                                                      • Instruction Fuzzy Hash: C311AF76E005199BCB44DFA9C9849EEFBF5AF48310F1484AAD919B7200D735A985CF90
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A93A0C8, Relevance: .0, Instructions: 47COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: e808ed1fe705bef86b6581eaf2af9a72b2e7e2249278a6a0629e198054ffecc4
                                                                                                                                                      • Instruction ID: e88cad8ccaee067b8f9fcba9198320670f243a96316ddc4afa95ecbebdf76231
                                                                                                                                                      • Opcode Fuzzy Hash: e808ed1fe705bef86b6581eaf2af9a72b2e7e2249278a6a0629e198054ffecc4
                                                                                                                                                      • Instruction Fuzzy Hash: 290175323086809FC725CB69D894C65BFF6FF8A2243180599E1CAC7771C722EC51CB10
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 05333F58, Relevance: .0, Instructions: 46COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 328cb1669e8a9321294fb920ff885a474de2e6eb551488a7369d8802648eb7c1
                                                                                                                                                      • Instruction ID: 32f299781cdf1b3998c18d508971bd8d93d8d7ef92972117164cab7204a483bf
                                                                                                                                                      • Opcode Fuzzy Hash: 328cb1669e8a9321294fb920ff885a474de2e6eb551488a7369d8802648eb7c1
                                                                                                                                                      • Instruction Fuzzy Hash: D401BCB43002464B9A08A775E5A40BEB7EBEFC421A3888E2CE54B8F644DE317C074B91
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A93C340, Relevance: .0, Instructions: 46COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 3e312f0df1a1780869dc56dd0b7b47befa3e26f9c7f10806a478da83b113d159
                                                                                                                                                      • Instruction ID: ef7c115b6f5d7dee41d98a7b674cc9b765a59563a965408e7d7f73c875c6e2e3
                                                                                                                                                      • Opcode Fuzzy Hash: 3e312f0df1a1780869dc56dd0b7b47befa3e26f9c7f10806a478da83b113d159
                                                                                                                                                      • Instruction Fuzzy Hash: DD11D276E006199FCB00CF98C584AEEFBF1FF48310F1485AAD819A7211D735A995CF94
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0533C480, Relevance: .0, Instructions: 45COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 6c5c97735c352ad36ab4f21d8de9e1e1b44ed8e49f96841b6481b7fa41a54cbc
                                                                                                                                                      • Instruction ID: 1aa09333bee5d23368abe1ef3e00e33cab478cbaa751b34578c155a5565f145a
                                                                                                                                                      • Opcode Fuzzy Hash: 6c5c97735c352ad36ab4f21d8de9e1e1b44ed8e49f96841b6481b7fa41a54cbc
                                                                                                                                                      • Instruction Fuzzy Hash: 1D01BC35300605CFC704CF28E5558E9B7F6FF8521530598AAE406CB631DBB0EC01CB90
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 05337288, Relevance: .0, Instructions: 45COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 85cded29bfb08ef1202ea7ff588f6404ad0e5bb3d09dc737ef82e52d7efb7442
                                                                                                                                                      • Instruction ID: 27a853fc4f0554e68e508b838c4e41d75e99d7690dd378a1c52d07453c4c9c8d
                                                                                                                                                      • Opcode Fuzzy Hash: 85cded29bfb08ef1202ea7ff588f6404ad0e5bb3d09dc737ef82e52d7efb7442
                                                                                                                                                      • Instruction Fuzzy Hash: 3D01FCB4B493458FC7059F74D42926A7FBADB86205B1848FEE846CB352EE3A9D03C741
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A93D550, Relevance: .0, Instructions: 45COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 4b87292ef3dba50546da9ac9adad6342f9bc744bb8da75793322c230332b2b71
                                                                                                                                                      • Instruction ID: 799f305a7d10121f221dc5d9da9ee65e73022720dd9eb936fab5992b74778e53
                                                                                                                                                      • Opcode Fuzzy Hash: 4b87292ef3dba50546da9ac9adad6342f9bc744bb8da75793322c230332b2b71
                                                                                                                                                      • Instruction Fuzzy Hash: CB01783A3042904FC3125338A42807D3FEACFDB12536888AED406CB355CE388C07D741
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 04F3DAF5, Relevance: .0, Instructions: 45COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.349772285.0000000004F3D000.00000040.00000001.sdmp, Offset: 04F3D000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 420ba61fb39f8bdf51a83fdfe596c805a15b9115bf3d5b6c8d5194372b18cdaa
                                                                                                                                                      • Instruction ID: 902df5a1e77b4796a0ccba5c368d2ef1cf6f6466e17bf3c8a0e9e11f310ad016
                                                                                                                                                      • Opcode Fuzzy Hash: 420ba61fb39f8bdf51a83fdfe596c805a15b9115bf3d5b6c8d5194372b18cdaa
                                                                                                                                                      • Instruction Fuzzy Hash: 7201F7329043449AD7504E65D9847A6FBDCEF41225F08889AE9041B282D774A845CAB1
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A933A98, Relevance: .0, Instructions: 41COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: a02e48bb7b3faff125fddda7f46c279c4458eb94e2e6a267608eb05be0c98ffb
                                                                                                                                                      • Instruction ID: c357f0b4d79ccf7be4969e6b9c3d7193858a16a0ae058e979587d5cc31b49dc9
                                                                                                                                                      • Opcode Fuzzy Hash: a02e48bb7b3faff125fddda7f46c279c4458eb94e2e6a267608eb05be0c98ffb
                                                                                                                                                      • Instruction Fuzzy Hash: B3F0B433B582158F8B48CEB8B4144AF77ECEB84165B1440BBE10DCB650EB36E941CB81
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A93DD80, Relevance: .0, Instructions: 39COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 1cfec45bf5b51679c802fe3ca0d179b270d3cfaeb7535d33be089e67ad1e64dc
                                                                                                                                                      • Instruction ID: 34c2ec672eb9bd8259e944a66351977a9a54b05d77a14bb155b06e6aa64323de
                                                                                                                                                      • Opcode Fuzzy Hash: 1cfec45bf5b51679c802fe3ca0d179b270d3cfaeb7535d33be089e67ad1e64dc
                                                                                                                                                      • Instruction Fuzzy Hash: ADF0F0369156058FC700EF68D8612EDBFB4EF0A21070848EAC859DF202E6314E81CB91
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A939F7A, Relevance: .0, Instructions: 38COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: c119a7f058a8902c4df92f6e4a51383cbe0e07931f6a482b8342c82763c79dbe
                                                                                                                                                      • Instruction ID: e5c838a2470a9a2a615f77386096daf9aa9fead36228dc2dec5c15386480d191
                                                                                                                                                      • Opcode Fuzzy Hash: c119a7f058a8902c4df92f6e4a51383cbe0e07931f6a482b8342c82763c79dbe
                                                                                                                                                      • Instruction Fuzzy Hash: 19017131508B418FC365CF69D88468AFBF5AFC5304F048E6ED18ADB675DB70A909CB91
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 05334057, Relevance: .0, Instructions: 37COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: e2f8ac082c7007eb47f7a9060ae3c1b17adb1fec42ea5e716b90667354b1cc94
                                                                                                                                                      • Instruction ID: 4ef782537040fda159236a981b540624fea84547bcdcd7f5d55de8039fbce0d2
                                                                                                                                                      • Opcode Fuzzy Hash: e2f8ac082c7007eb47f7a9060ae3c1b17adb1fec42ea5e716b90667354b1cc94
                                                                                                                                                      • Instruction Fuzzy Hash: 8F01A2B15117048FDB15CF71D859356BFF5FF48304B44826EE8868A651DF35A806CF85
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0533B800, Relevance: .0, Instructions: 37COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 64ddb0b04403fed5b1962fc702bf233b0e426d024e40c5cb33e4cd977a373959
                                                                                                                                                      • Instruction ID: ba6bc60f77f1849295b77eb845bb5413c78cd3646ab5e722198ee36c351530cf
                                                                                                                                                      • Opcode Fuzzy Hash: 64ddb0b04403fed5b1962fc702bf233b0e426d024e40c5cb33e4cd977a373959
                                                                                                                                                      • Instruction Fuzzy Hash: 7D014631E00219DFCB54DFA9E4054EEBBF5FF88320B00462AD44AE7210D7745A85CBD1
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0533C4F4, Relevance: .0, Instructions: 36COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: f21e8ce49ec13712e95e74d99a20cc876b294cc703e253a834ebd708240c10b8
                                                                                                                                                      • Instruction ID: 86b7d740730ebe2c2c93598dbbef78646c201a6784364ba3a01b86291d0a49ad
                                                                                                                                                      • Opcode Fuzzy Hash: f21e8ce49ec13712e95e74d99a20cc876b294cc703e253a834ebd708240c10b8
                                                                                                                                                      • Instruction Fuzzy Hash: 77F02271204108CFD701CF65D4A59A97BA1FFA6340709C4DAE4428F672DB74EC02C750
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0533D70F, Relevance: .0, Instructions: 36COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 65ec62f83219943bdcb89731c160fbff9b20e5e602cf5b85da3182524e4fbbe6
                                                                                                                                                      • Instruction ID: 2a776cdf5dd8c95949ee22ccedf05a88280d7a579b3ed00078e7c4706d3e6481
                                                                                                                                                      • Opcode Fuzzy Hash: 65ec62f83219943bdcb89731c160fbff9b20e5e602cf5b85da3182524e4fbbe6
                                                                                                                                                      • Instruction Fuzzy Hash: A4F0CD31B052048FC7149E65A854AABFBE5EFC5220F1044BED40ACB261D6B18854CB90
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 04F3DAF4, Relevance: .0, Instructions: 36COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.349772285.0000000004F3D000.00000040.00000001.sdmp, Offset: 04F3D000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 1d204c5f41f1cbd1ac940b56499ed1b44e72e428a6742af0f71cf15a76295b0b
                                                                                                                                                      • Instruction ID: abaf12dadef5f3dce5d7b594830c3eb96ea2416fc7f7f2b03d8c62da3f9a90ef
                                                                                                                                                      • Opcode Fuzzy Hash: 1d204c5f41f1cbd1ac940b56499ed1b44e72e428a6742af0f71cf15a76295b0b
                                                                                                                                                      • Instruction Fuzzy Hash: 77F06271804284AEEB508E16DDC4BA2FBD8EB41735F18C49AED085F786C378A845CAB1
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 05333239, Relevance: .0, Instructions: 35COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: e99f21b0cb526ed601758bb0b81bab91f6956c1d4b1d818fd425ad6c4106819c
                                                                                                                                                      • Instruction ID: 565925525a8f6b230068d3d69b67349c63436568dd525c1c0b66e3c9b626f5dc
                                                                                                                                                      • Opcode Fuzzy Hash: e99f21b0cb526ed601758bb0b81bab91f6956c1d4b1d818fd425ad6c4106819c
                                                                                                                                                      • Instruction Fuzzy Hash: 8F018F70A10148AFCB40EFB8F96A69CBFF9AB49309F5004A9E406AB314EF315F05CB51
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 05333859, Relevance: .0, Instructions: 35COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 096bdd510cdbb85421acf2ac0712e44327dfd1c403d171492b1ab0d116899f2e
                                                                                                                                                      • Instruction ID: 1cace98799977266611e4d86d6571d4a0d0a98fad952a19de6848ce330fbe1c0
                                                                                                                                                      • Opcode Fuzzy Hash: 096bdd510cdbb85421acf2ac0712e44327dfd1c403d171492b1ab0d116899f2e
                                                                                                                                                      • Instruction Fuzzy Hash: B0F0B4B67081145FE709CA98E8117E97BE9D784315F284066E009C7380DB62DD02C750
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 05330A23, Relevance: .0, Instructions: 34COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 6504f03a2a583568bb3466c8d4c2b338c937d9fdf93ac83275dd2758ba0aa27b
                                                                                                                                                      • Instruction ID: 5166c3e9762644bfd66ab0132683a5e296360b98a8c5b6deb1da7c789b287fea
                                                                                                                                                      • Opcode Fuzzy Hash: 6504f03a2a583568bb3466c8d4c2b338c937d9fdf93ac83275dd2758ba0aa27b
                                                                                                                                                      • Instruction Fuzzy Hash: 4AF0EC75E012199FCB48EFB9E8191AEBBF5EF88250B109065D91AE7340EB345D11CBD1
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0533D430, Relevance: .0, Instructions: 34COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: fc9d7ce434e2ea08b2c9d51868c7c1590d784b4dcbe03bad7588ea7026c68a33
                                                                                                                                                      • Instruction ID: f1de6d7291829d7324e2a9e185703db61b13bedfc366caa9fa133937c9be21b9
                                                                                                                                                      • Opcode Fuzzy Hash: fc9d7ce434e2ea08b2c9d51868c7c1590d784b4dcbe03bad7588ea7026c68a33
                                                                                                                                                      • Instruction Fuzzy Hash: 44F03232B003088BCB18DB99D4519DDBBF6EF8A311F20016AEA4AEB364C7306D11CB91
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0533BA01, Relevance: .0, Instructions: 34COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 88892166e435fc86b7f1009bd216a9d100699911da7adc4d5b2b82be3ef5e84a
                                                                                                                                                      • Instruction ID: 87bd3dcda59d85954e4a73a68ca5bbcebff514e1f79f743c25009840da89ea98
                                                                                                                                                      • Opcode Fuzzy Hash: 88892166e435fc86b7f1009bd216a9d100699911da7adc4d5b2b82be3ef5e84a
                                                                                                                                                      • Instruction Fuzzy Hash: C8F0E9323496968FC3158F68D814899BBF5AF8262030946AEE449DB372CB20ED81CBC0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A93D264, Relevance: .0, Instructions: 34COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 5bf0823fae47b47bcdb473829a60f837a0984ebfefcd3c7d6e234143e0438afa
                                                                                                                                                      • Instruction ID: f69739b2d9ffbcf297c14f8f24c4a97ca45680e34e62493ad8b2d939d611a421
                                                                                                                                                      • Opcode Fuzzy Hash: 5bf0823fae47b47bcdb473829a60f837a0984ebfefcd3c7d6e234143e0438afa
                                                                                                                                                      • Instruction Fuzzy Hash: 79019275E01249EBCB54CF98D59499DFBB2FB84304F15C816E919AB225D730E985CB80
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 05333140, Relevance: .0, Instructions: 33COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 6f1b8f38a5aa9e7d1466446decabc4cdfbdc1b4c9768b30e4a4768a2d7b44d15
                                                                                                                                                      • Instruction ID: a00fc4ab359362f1c39dc48bc60284372b9d17495d35bbc440f36b8d985e61fe
                                                                                                                                                      • Opcode Fuzzy Hash: 6f1b8f38a5aa9e7d1466446decabc4cdfbdc1b4c9768b30e4a4768a2d7b44d15
                                                                                                                                                      • Instruction Fuzzy Hash: CCF096716142058BE764EF64D50A76277DDEB44305F008C39D51BCA780DBB9D581CB61
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A93D26D, Relevance: .0, Instructions: 33COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: c86b7af786f1b15957c7769925cad1fdddf8a68a2619199a0f95769a35641f59
                                                                                                                                                      • Instruction ID: ed2027907a61b59ddf8301bb142448e07cf483cda946df2d06fc5903868853d1
                                                                                                                                                      • Opcode Fuzzy Hash: c86b7af786f1b15957c7769925cad1fdddf8a68a2619199a0f95769a35641f59
                                                                                                                                                      • Instruction Fuzzy Hash: F901AF35E01248ABCB44CF98D99089DF7B2FB84304F15C866E919AB225DB30ED85CB80
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 05333248, Relevance: .0, Instructions: 32COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: a8845ab7e7f413ed13c6b4165eca7dcf6ee3462f1006be21c3f4c3d660abad85
                                                                                                                                                      • Instruction ID: 616fe3ccd417343901633cd8b7d56afede1efd8fc17eb0337ae7cb6cc10a1976
                                                                                                                                                      • Opcode Fuzzy Hash: a8845ab7e7f413ed13c6b4165eca7dcf6ee3462f1006be21c3f4c3d660abad85
                                                                                                                                                      • Instruction Fuzzy Hash: CEF01D74A10108EFCB44EFB4E5AA55CBBF9EB45309F5054A9E406AB350EF315E058B51
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0533A700, Relevance: .0, Instructions: 31COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: ee4a8c7e61d206ba69397559dd752e69948b7279df6e02d805625914bf2c724e
                                                                                                                                                      • Instruction ID: c49bee7cad1173f154db275d497db17f358b7bc254de20a2e76edc55ac929efe
                                                                                                                                                      • Opcode Fuzzy Hash: ee4a8c7e61d206ba69397559dd752e69948b7279df6e02d805625914bf2c724e
                                                                                                                                                      • Instruction Fuzzy Hash: 2CF0E23664C3C84FD7138BA4A8A13D53FB9AB0A114F0404DBC1D0CB516C668044AC7AA
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0533D3FD, Relevance: .0, Instructions: 31COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 97f3df5f5b36273cb89bcdbbd70355ddf4709c25e36484882ced69c16742b691
                                                                                                                                                      • Instruction ID: e4f62add926ff5cd889c5db106a843e4b4909819af13e4ad11fb0c0f600a68a6
                                                                                                                                                      • Opcode Fuzzy Hash: 97f3df5f5b36273cb89bcdbbd70355ddf4709c25e36484882ced69c16742b691
                                                                                                                                                      • Instruction Fuzzy Hash: 0C01C435A11219AFDF00DF90D855FEEBBB2BF49304F148415E802BB2A0CB75A990DF60
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0533B810, Relevance: .0, Instructions: 31COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 7ed69ed1af76306479c552d6f34677c38b6e004762faebdd846d17c4c4f15ad2
                                                                                                                                                      • Instruction ID: 83a7c0c2db6566e5e5d4259fa3cc6049bc640c8992958ff7a13046efc5d3b953
                                                                                                                                                      • Opcode Fuzzy Hash: 7ed69ed1af76306479c552d6f34677c38b6e004762faebdd846d17c4c4f15ad2
                                                                                                                                                      • Instruction Fuzzy Hash: 16F0F471A0021D9FCB50EFA9D4049DEBBF9FF88711B004A2AD45AE7340D7746A458B95
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A93F0A3, Relevance: .0, Instructions: 31COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 1eee85434ed466d1b81af6655bd0360e5fb15f91cf7f065e9b65f848c762b1f1
                                                                                                                                                      • Instruction ID: 84ef0d758512b1f82407fb61fb24b226c6d550ebc04412eed91a17d757bec7f9
                                                                                                                                                      • Opcode Fuzzy Hash: 1eee85434ed466d1b81af6655bd0360e5fb15f91cf7f065e9b65f848c762b1f1
                                                                                                                                                      • Instruction Fuzzy Hash: 96F090B18093849FC701DF78D8596A9BFF4EF07210F0980EAC485DB143E7344A04CB91
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A93AD13, Relevance: .0, Instructions: 30COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: ee4493e4ef5690f16980ca5e98cb4d6b5316b0bfacc9c3eff7379d225387cbb6
                                                                                                                                                      • Instruction ID: d338f2e32a9561a87cbd13d9ce869685efeb19f81e4a44fe6e678ed3d68f8c62
                                                                                                                                                      • Opcode Fuzzy Hash: ee4493e4ef5690f16980ca5e98cb4d6b5316b0bfacc9c3eff7379d225387cbb6
                                                                                                                                                      • Instruction Fuzzy Hash: E9F03A357002055FC714DB34E490D767BB2FBC931431446AAE88AC7B61EB20AC16CB80
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A93AD18, Relevance: .0, Instructions: 30COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: c04730cdd63c458e539c69641df99b08fc5a965a082b99772a0a093a437b2101
                                                                                                                                                      • Instruction ID: 734ff48b1daa94c129ccfb71fbfcc9fab63170fffc7cfb28052dea2016b95a8e
                                                                                                                                                      • Opcode Fuzzy Hash: c04730cdd63c458e539c69641df99b08fc5a965a082b99772a0a093a437b2101
                                                                                                                                                      • Instruction Fuzzy Hash: 02F058353002059FC314DB39E880C26B7F6FBC971430446AAD84AC7B61EB60FC06CB80
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 05337FA4, Relevance: .0, Instructions: 29COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 30cfdf2a4458ad59a2ef1a2e33b8f7e7f491af1d881a65d6fdeb73be87176c2a
                                                                                                                                                      • Instruction ID: e3ce97ca88d478f8d799b65e5326a9d0df2a1e069870a817ccd973fb63dda224
                                                                                                                                                      • Opcode Fuzzy Hash: 30cfdf2a4458ad59a2ef1a2e33b8f7e7f491af1d881a65d6fdeb73be87176c2a
                                                                                                                                                      • Instruction Fuzzy Hash: 60F0E97090D7484FC310EBB5E8560567BD9DD86105348CCEAD0868E570EBB0A9068391
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A93E5A0, Relevance: .0, Instructions: 29COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 115d514e471be6ad48536a4379d0a05c63f292d5f3eddb4f1eb95887cbd65142
                                                                                                                                                      • Instruction ID: a53c5cb4dea9b0599836de22e87b5ec13cbaa930f3b9d78bd1966046c81060b2
                                                                                                                                                      • Opcode Fuzzy Hash: 115d514e471be6ad48536a4379d0a05c63f292d5f3eddb4f1eb95887cbd65142
                                                                                                                                                      • Instruction Fuzzy Hash: CAE065B2D01109DFCB40DFA8E8555FAFBB8EF05200B054569D40AD7200EB319B01CB90
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 05333FF8, Relevance: .0, Instructions: 28COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 0f0cf34b33318d9fd2c56881d68ae1a2af98a1fc8b4b304b000c5634832eafee
                                                                                                                                                      • Instruction ID: b084f080778511d8f9c50225994084e8cf9afe6d33e18c3e590be8c5b8d7bf44
                                                                                                                                                      • Opcode Fuzzy Hash: 0f0cf34b33318d9fd2c56881d68ae1a2af98a1fc8b4b304b000c5634832eafee
                                                                                                                                                      • Instruction Fuzzy Hash: A9F0BE702043948FC711DB78E49566A7FFAEB86309F0408A9E18A8B611CE76AC098792
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0533BA10, Relevance: .0, Instructions: 28COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 95f6228dbb3de38d6a76e58bd2328072d9ffc0082df7913e94fc574d9f88a25c
                                                                                                                                                      • Instruction ID: efccc13eb9a4fc01113f4ba7d4ad4a13f1fd683cd554d474f0b2dd9189bd6e78
                                                                                                                                                      • Opcode Fuzzy Hash: 95f6228dbb3de38d6a76e58bd2328072d9ffc0082df7913e94fc574d9f88a25c
                                                                                                                                                      • Instruction Fuzzy Hash: D3F0E5323059665FC3049F68D400C49B7F9EF8162030982A9E4099B321CF20ED81CBC0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 05334068, Relevance: .0, Instructions: 27COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 6ce86bc7e215301d03aa97f7fb4e66c562c48072f92d4945e901aa24e44de0f4
                                                                                                                                                      • Instruction ID: 12de2bfd399a96d72fe030d795a44bb5a4df9bccd064d377e58851ebfe1a672b
                                                                                                                                                      • Opcode Fuzzy Hash: 6ce86bc7e215301d03aa97f7fb4e66c562c48072f92d4945e901aa24e44de0f4
                                                                                                                                                      • Instruction Fuzzy Hash: 93F090B0511B048FDB14DF62D409556FFF9FB88300B00862EF88A87A50DF75A805CF84
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0533B7A0, Relevance: .0, Instructions: 27COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 715470ee4dab1f1a8c0ed4f9a4ddaf859fafad1f47450db8979a93a21555a5c6
                                                                                                                                                      • Instruction ID: 04860a4ffd0f1fc112b216d9d461e2463d255c63ed54df9dbbb62eddb6e31727
                                                                                                                                                      • Opcode Fuzzy Hash: 715470ee4dab1f1a8c0ed4f9a4ddaf859fafad1f47450db8979a93a21555a5c6
                                                                                                                                                      • Instruction Fuzzy Hash: 45E02B753082989BDB1457B4EC654AA7BA9DBC832A34408BFE50AC7301EF790C06C391
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0533B7B0, Relevance: .0, Instructions: 26COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: c64933e4e5e754e8d4aaa3df93a68dada037ba59ce8a09233f37ebabe746b30e
                                                                                                                                                      • Instruction ID: b043a8853aaeea3df763d1c2a31cd26bd26a6e4df9858546733f8bc8e5fb5725
                                                                                                                                                      • Opcode Fuzzy Hash: c64933e4e5e754e8d4aaa3df93a68dada037ba59ce8a09233f37ebabe746b30e
                                                                                                                                                      • Instruction Fuzzy Hash: 45E0203530415427DA1467EAFC5885FBB9ED7C83297400875FA0A87300DF755C0543E1
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 05333868, Relevance: .0, Instructions: 26COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 48b8aab54c88779bd6579fea07aedce7a44066050abf0236f6c4546483046062
                                                                                                                                                      • Instruction ID: b8b9e0fbde557824f2c2a6a0b620d9a63ed6d262f7070303f05c0356cf944ae2
                                                                                                                                                      • Opcode Fuzzy Hash: 48b8aab54c88779bd6579fea07aedce7a44066050abf0236f6c4546483046062
                                                                                                                                                      • Instruction Fuzzy Hash: C1E092716082186BD749C6ACD85179A7FEDDB49314F1884AAD409C7380DBB2D942C790
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A93C8A8, Relevance: .0, Instructions: 26COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 9f01dd729e4feb21a9c125ed2ac23949ec3f3fa836339c25154f112d94257581
                                                                                                                                                      • Instruction ID: b24dbce022fa2435112da58400861ca82ebf776c52a811a9b5edbc7b8ceabb9a
                                                                                                                                                      • Opcode Fuzzy Hash: 9f01dd729e4feb21a9c125ed2ac23949ec3f3fa836339c25154f112d94257581
                                                                                                                                                      • Instruction Fuzzy Hash: D3E092B2D001199F8740EFB8D8061E9BBF4FF45300B104469D51ADB201EB314B06CBD0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A93AFD8, Relevance: .0, Instructions: 26COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 8abe9e393dc6147bc55a4b67e05049b1adbe59ce8e7c1a4d41bd60b4b5839397
                                                                                                                                                      • Instruction ID: 8c6b90aa41974d44d7ba43d554084793a1e3d70f9be5e782ab468dc082b20068
                                                                                                                                                      • Opcode Fuzzy Hash: 8abe9e393dc6147bc55a4b67e05049b1adbe59ce8e7c1a4d41bd60b4b5839397
                                                                                                                                                      • Instruction Fuzzy Hash: 52E065357042A90F8715EB74C4605AC3FF59ECA11430509DBC5889F627DD206C058795
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A93D458, Relevance: .0, Instructions: 25COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: fcdab753fa6f103e59daef5dd83fead97e0968726802ff869ddeebb98f479855
                                                                                                                                                      • Instruction ID: 4024cf1ff1b2456dae58fc5cc285d792213dd0118f7af19c6c7a072733ac4e53
                                                                                                                                                      • Opcode Fuzzy Hash: fcdab753fa6f103e59daef5dd83fead97e0968726802ff869ddeebb98f479855
                                                                                                                                                      • Instruction Fuzzy Hash: 92E06DB1D00215AFCB40DFB8E9462D9BBF4EB0A250B1245A5D90EDB201E7318A05CBC1
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 05330A93, Relevance: .0, Instructions: 24COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 8a33037ded659f6db19e481476d95fd83791c2e600f7fecfdc313aec14707705
                                                                                                                                                      • Instruction ID: 0b3bc982f0508d67d90a931d532545ff80468dfcaf75bf8b813c1ba9ca126943
                                                                                                                                                      • Opcode Fuzzy Hash: 8a33037ded659f6db19e481476d95fd83791c2e600f7fecfdc313aec14707705
                                                                                                                                                      • Instruction Fuzzy Hash: 5BE08639B012149FDB14DBB8E40467573D9EF88A79B0594B9E409CB321EF76DC0187C0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A93C240, Relevance: .0, Instructions: 24COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: fa808c335f4077d719c405a8121f72b011ada29bd42ef8070c3c517cba304b51
                                                                                                                                                      • Instruction ID: 56388297eaf46cfd884dffab25f9da3d30ab6c974ca773cfa3f7e01dcfa325e8
                                                                                                                                                      • Opcode Fuzzy Hash: fa808c335f4077d719c405a8121f72b011ada29bd42ef8070c3c517cba304b51
                                                                                                                                                      • Instruction Fuzzy Hash: 42E0ED71E10218DFCB94EFB9D5419AEBBF5FF49210B1085AAE519EB350E7319E14CB80
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 05337F58, Relevance: .0, Instructions: 23COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: fa04c33390b3e34d68adc76a90c94bd177e2b4948cdd52784a5546dff96e151a
                                                                                                                                                      • Instruction ID: 31f05d2584890df1557c49f54ae625d675c1f291c58677843becd86f50fce1c0
                                                                                                                                                      • Opcode Fuzzy Hash: fa04c33390b3e34d68adc76a90c94bd177e2b4948cdd52784a5546dff96e151a
                                                                                                                                                      • Instruction Fuzzy Hash: 9BE0D8349047184FC310FBA9E84548E7BDE9EC91193048D7AD14B4B624DF707C0946E6
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A93FB31, Relevance: .0, Instructions: 22COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: f69ae8c4e07244fe754466e27726385995808d92e62afb66bdc9d52806cb75af
                                                                                                                                                      • Instruction ID: 4d90536ceda065d47022100080280c61b55f3beb3efca3db62c0667e562683fa
                                                                                                                                                      • Opcode Fuzzy Hash: f69ae8c4e07244fe754466e27726385995808d92e62afb66bdc9d52806cb75af
                                                                                                                                                      • Instruction Fuzzy Hash: 71E01271E01618EF8751EFB8D92559ABBF8FB09610B1044BADA1AE3700E7359A10CBD1
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A9349A0, Relevance: .0, Instructions: 22COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 708a8e44f25331c9b06731c84a63f6daaf1424bab417ce6cc2b5cbeb3940532e
                                                                                                                                                      • Instruction ID: 2dc95449c7e389135224b9898c7276679711ed6679aa6e08baca5d12842c16f5
                                                                                                                                                      • Opcode Fuzzy Hash: 708a8e44f25331c9b06731c84a63f6daaf1424bab417ce6cc2b5cbeb3940532e
                                                                                                                                                      • Instruction Fuzzy Hash: CDD05E36304250174614554F688843BBA9ED7CD665314813BED0EC3300DEA08C069291
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0533A548, Relevance: .0, Instructions: 21COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: bd07f470b8cf737280a4167152507a918ba1e01e137aa847fd8f721d033b9fcd
                                                                                                                                                      • Instruction ID: aebd509345c71e69b6be545d1e30272145f8caf53920814c1de914db55c620f7
                                                                                                                                                      • Opcode Fuzzy Hash: bd07f470b8cf737280a4167152507a918ba1e01e137aa847fd8f721d033b9fcd
                                                                                                                                                      • Instruction Fuzzy Hash: DBE0C231B440889FCB109BBCE908B957FECAF0A101F8000A2F9C9DB221DA31DD41C7E2
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 05330457, Relevance: .0, Instructions: 21COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: a428d22ccbea2770da1db0f04a29969e74f89b614ca938da4fcf48c551f9776b
                                                                                                                                                      • Instruction ID: d9491d36fa3037a58a2cd0b43cdc81c798a36bd1fb7477dc19f7e84d01209bdb
                                                                                                                                                      • Opcode Fuzzy Hash: a428d22ccbea2770da1db0f04a29969e74f89b614ca938da4fcf48c551f9776b
                                                                                                                                                      • Instruction Fuzzy Hash: 37E08674A0224CEFD740DFB4E99159D7BB4DB42309B1045D9D409DB351EE345F079750
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 05330AA0, Relevance: .0, Instructions: 21COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: f1a44354aaf118a8a82bb537fa47b74ddfe3f8b4778e6d630ff13450108bd4f7
                                                                                                                                                      • Instruction ID: 589e5fa908e97f74f7fea6b2cbe7afa5c45bfb5bb771cc5280a2583031590b30
                                                                                                                                                      • Opcode Fuzzy Hash: f1a44354aaf118a8a82bb537fa47b74ddfe3f8b4778e6d630ff13450108bd4f7
                                                                                                                                                      • Instruction Fuzzy Hash: A5E012357002248F9B58DB79940486977DADF8956931594B9E40ACB721DF76DC1187C0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0533D858, Relevance: .0, Instructions: 19COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 704850cb05284a4ab0caa222f7c7a9613d1e50c28cb0c4b4585673cd1e2a0dca
                                                                                                                                                      • Instruction ID: 75fdc2f0eb5ea88ddc81d0b5cbabd9fb134711e057c815f5919889e628b00e2c
                                                                                                                                                      • Opcode Fuzzy Hash: 704850cb05284a4ab0caa222f7c7a9613d1e50c28cb0c4b4585673cd1e2a0dca
                                                                                                                                                      • Instruction Fuzzy Hash: BBE092B4D0420E9F8B84DFA9D4425BEBFF8AB58300F10816AD919E2240E6745A91CFD5
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A27EE38, Relevance: .0, Instructions: 19COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356259306.000000000A270000.00000040.00000001.sdmp, Offset: 0A270000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: c8ddd21fc0272d37f5fa46b1a5c687851d7b865558f5efe04771864afbed6b24
                                                                                                                                                      • Instruction ID: b7ec66dc5051c3d04cfe9398f1545a08d688733d71334f279a0432308472d73d
                                                                                                                                                      • Opcode Fuzzy Hash: c8ddd21fc0272d37f5fa46b1a5c687851d7b865558f5efe04771864afbed6b24
                                                                                                                                                      • Instruction Fuzzy Hash: 87E0867055D3C6AFC712CF34C5A8A55BFB15F1B210B0988EAE085CB153C334D994D721
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 05336160, Relevance: .0, Instructions: 18COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 899739ca4185d11b4bd682fa8fc9c317fa95daa349b52dc22b32df3238c9d6cf
                                                                                                                                                      • Instruction ID: b0212735e97cc6aa90fce35e1ba0493fa47ff45a7c54ec07a9164b711da8c504
                                                                                                                                                      • Opcode Fuzzy Hash: 899739ca4185d11b4bd682fa8fc9c317fa95daa349b52dc22b32df3238c9d6cf
                                                                                                                                                      • Instruction Fuzzy Hash: 9BE026703082C1AFC742D724E49678C7BE5EB4230AF02549BD0408B281CB385C468BE1
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 05335E40, Relevance: .0, Instructions: 18COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 993d98296e513a7769fc5077ef6f03a5e08cf14103b91a04ca27166e9de065cb
                                                                                                                                                      • Instruction ID: 0c258153a7dc7c07e4aec2559e8dc2404ff97556fe2271e910fd7c61a0696012
                                                                                                                                                      • Opcode Fuzzy Hash: 993d98296e513a7769fc5077ef6f03a5e08cf14103b91a04ca27166e9de065cb
                                                                                                                                                      • Instruction Fuzzy Hash: A7D02E7370808447D7089BDCF8203AB2327DBC9326F0800B4D0CCCBB88CA28A883CB80
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A93F0C0, Relevance: .0, Instructions: 18COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 7e519a0d7dce420f235185a0ab4b23d288f6ffba376a0fc387d18addb4bb317b
                                                                                                                                                      • Instruction ID: dfa3848dd9dfecdd8599921f7d7af5ad15d4beeaa0706e00f55a3e59f3964795
                                                                                                                                                      • Opcode Fuzzy Hash: 7e519a0d7dce420f235185a0ab4b23d288f6ffba376a0fc387d18addb4bb317b
                                                                                                                                                      • Instruction Fuzzy Hash: 99E0EC71D00219EF8B40EFBDA9051AEBBF8EA09250B1044A6D959E7201E7315A10CBD1
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0533B75A, Relevance: .0, Instructions: 17COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 385531c1673c601f6fc6966c68157ce761714a24bd277fa1a1d1537410ae62de
                                                                                                                                                      • Instruction ID: 9fdc0fd77cf40077e264239d43f984a92711f7a01360c034cd7106c51c94dc29
                                                                                                                                                      • Opcode Fuzzy Hash: 385531c1673c601f6fc6966c68157ce761714a24bd277fa1a1d1537410ae62de
                                                                                                                                                      • Instruction Fuzzy Hash: 5EE09A706082888FDB06DB29C51A349BFE2EF40700F0900A6C0408B226EB788941CB00
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 05330468, Relevance: .0, Instructions: 16COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: aca25c07bcde3b6df5ad7b58281ab53350743ac383d93c9d88c1558b3eec7302
                                                                                                                                                      • Instruction ID: 35b3c3d718b73b44cd18f99f839ebfd168331ccc3da9cb7ee6b921957f2e5e40
                                                                                                                                                      • Opcode Fuzzy Hash: aca25c07bcde3b6df5ad7b58281ab53350743ac383d93c9d88c1558b3eec7302
                                                                                                                                                      • Instruction Fuzzy Hash: 2AD01270A0124CEF9740DFA4E94155DB7F9DB8520971045989409E7300EE356E019740
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0533A730, Relevance: .0, Instructions: 16COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 4df90f8f96d21fbccfe27c826125d0d0f715b89a3d792ebca9a6b08e20acabe1
                                                                                                                                                      • Instruction ID: ca0f99c2c2666ce614d4339019ea518ac4347b2f8862ee9d4dea113083b2c33f
                                                                                                                                                      • Opcode Fuzzy Hash: 4df90f8f96d21fbccfe27c826125d0d0f715b89a3d792ebca9a6b08e20acabe1
                                                                                                                                                      • Instruction Fuzzy Hash: EBD02232B0432C6B0704DAE854208DE7BEDCA88438F0004ABC208D7700EEB41A0442DA
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A93D9C0, Relevance: .0, Instructions: 16COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: f873d636edc63da5a15009311e2dfe746ae4d6226e87614c4020bbd0ba4654a2
                                                                                                                                                      • Instruction ID: 378230862302abc1c20a8b5e0e0c92b084b511b3cff87751b8c3bed277bfc280
                                                                                                                                                      • Opcode Fuzzy Hash: f873d636edc63da5a15009311e2dfe746ae4d6226e87614c4020bbd0ba4654a2
                                                                                                                                                      • Instruction Fuzzy Hash: 54D01274A0020CEF8740DFA4D95199DF7F9DB4420571045A9D809D7300EF312E009740
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A93E4E7, Relevance: .0, Instructions: 16COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 4e871d107241b520ec6684ef434ee88e0cc2df214fd4ac36ffb2a6bf8c1bb0bc
                                                                                                                                                      • Instruction ID: 0dbbd3913d7255c0313e5d2a7ed238cf1c016f0e741c0a91cf55c2caf533d1d8
                                                                                                                                                      • Opcode Fuzzy Hash: 4e871d107241b520ec6684ef434ee88e0cc2df214fd4ac36ffb2a6bf8c1bb0bc
                                                                                                                                                      • Instruction Fuzzy Hash: 33E0EC35603209EBDF24DF60E5597AD7BB7EF40348F240419D50295180EF785940CF40
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A27EE02, Relevance: .0, Instructions: 16COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356259306.000000000A270000.00000040.00000001.sdmp, Offset: 0A270000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 1d7f5398e306ec3e95c9ba34d3297193ac60a0e63707fc15fd8dfb5ebc10ca40
                                                                                                                                                      • Instruction ID: e8820963d2a56101a53e1db87b85b86e8bf52630a0d14e13b2d3bba32dd1e139
                                                                                                                                                      • Opcode Fuzzy Hash: 1d7f5398e306ec3e95c9ba34d3297193ac60a0e63707fc15fd8dfb5ebc10ca40
                                                                                                                                                      • Instruction Fuzzy Hash: F6E05E3520C3C24FE7468F3598A0993BFB09F0B12431A0AEBE088CB133E122D887DB10
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A27EE48, Relevance: .0, Instructions: 16COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356259306.000000000A270000.00000040.00000001.sdmp, Offset: 0A270000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 3a52bb86ab32ca6b84361684453d18e4b381169e10b2d664a4d79b343a3002c8
                                                                                                                                                      • Instruction ID: 5683189306ffe5b9226de46d9b628804c529f8f3ce30652e302219dc4c66da68
                                                                                                                                                      • Opcode Fuzzy Hash: 3a52bb86ab32ca6b84361684453d18e4b381169e10b2d664a4d79b343a3002c8
                                                                                                                                                      • Instruction Fuzzy Hash: 10E01771220209EFC710CF58D288E55BBEAAB08650F46C8A5E409CB212C330EE80CBA0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A27EE10, Relevance: .0, Instructions: 15COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356259306.000000000A270000.00000040.00000001.sdmp, Offset: 0A270000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 743ccc76e9db75d754eb5f5a75337b064d839acb14451e8aca5d1555fb7cec27
                                                                                                                                                      • Instruction ID: 966f4df4b4d58937f1de91b82984c2e3d2e3b0b6d5eabf2937aa0e3bb2559f2d
                                                                                                                                                      • Opcode Fuzzy Hash: 743ccc76e9db75d754eb5f5a75337b064d839acb14451e8aca5d1555fb7cec27
                                                                                                                                                      • Instruction Fuzzy Hash: 1DD0C9312142088BCB449FB5E84896A77F9AB8866931445A5E40DC7661E632EC52DA50
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A933CA4, Relevance: .0, Instructions: 14COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 8d71c9755e0c12706f814f26c5e63d2805109f9720c3cd99c9b5b809f8e0de64
                                                                                                                                                      • Instruction ID: 4958db3b6c6ca7ed86391ddfabbeca0d6a7433e1df455a990c032f101b1d9ec5
                                                                                                                                                      • Opcode Fuzzy Hash: 8d71c9755e0c12706f814f26c5e63d2805109f9720c3cd99c9b5b809f8e0de64
                                                                                                                                                      • Instruction Fuzzy Hash: 7CD0C935B000189FCB44EBEDE0505EC7BF5EFC9616B0044AAE219D7620DB309C158F42
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A9342A4, Relevance: .0, Instructions: 13COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: ad6f1554f6483bcbc7a3abbf59afad616b9d638d0091c3361e7123867cf4c272
                                                                                                                                                      • Instruction ID: c71bd7679e36312db093904b4dbd86bc437d1ebfc197bbac4272eb507955d4a9
                                                                                                                                                      • Opcode Fuzzy Hash: ad6f1554f6483bcbc7a3abbf59afad616b9d638d0091c3361e7123867cf4c272
                                                                                                                                                      • Instruction Fuzzy Hash: B7D012397000148FC754D7D8D4144EC7BF5DBC461670544A9E30AC7220DB21ED158B42
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A93425B, Relevance: .0, Instructions: 13COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 71878e12fb490f6be7c352c2d292f61455abf32de79efd0cfa11ccbf50468278
                                                                                                                                                      • Instruction ID: 336f43c30eaee25be3c597a539f541c57753c4c1a7f9dbe211e2d51ff5e07992
                                                                                                                                                      • Opcode Fuzzy Hash: 71878e12fb490f6be7c352c2d292f61455abf32de79efd0cfa11ccbf50468278
                                                                                                                                                      • Instruction Fuzzy Hash: 41C012397000148FC750D7D8D4104EC37F5DBC451670004A9E306C7220DB219C158B42
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A933F0C, Relevance: .0, Instructions: 13COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: b5d26b85f77100adff90e048b9c66d94e6817d46732b3dfea04bfa8c667b3f6c
                                                                                                                                                      • Instruction ID: b8bde49c08d5afb59a0dfca1734ca7bdee0ac94e6530210385c0cd3c48242dad
                                                                                                                                                      • Opcode Fuzzy Hash: b5d26b85f77100adff90e048b9c66d94e6817d46732b3dfea04bfa8c667b3f6c
                                                                                                                                                      • Instruction Fuzzy Hash: 6BD01236B400148FCA44DBE9D0144E833F9DFE4616B4104A6F206C7630CB30DC558B81
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A93429B, Relevance: .0, Instructions: 12COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: a342def1999acad77c3359fb5b73037cc72cc33ed847207a10fd37857c77d0af
                                                                                                                                                      • Instruction ID: c58c7e1ede0d4d541f1ed13a160caf1391c6f52828d99181184480acef43ce68
                                                                                                                                                      • Opcode Fuzzy Hash: a342def1999acad77c3359fb5b73037cc72cc33ed847207a10fd37857c77d0af
                                                                                                                                                      • Instruction Fuzzy Hash: BBD0123A704054DFC7149B98E0558F87BF5EB8435670640D5F3159B621C762AD198B80
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A934252, Relevance: .0, Instructions: 12COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: b5f2b3bfd376bfbdcea7cb3f69b0a8551da2e41965cb9427ddd73131cba0a463
                                                                                                                                                      • Instruction ID: 5392bd1274a52c6f65480f5789a30680ee8870a6e22f81fbb7fc22dcc287840b
                                                                                                                                                      • Opcode Fuzzy Hash: b5f2b3bfd376bfbdcea7cb3f69b0a8551da2e41965cb9427ddd73131cba0a463
                                                                                                                                                      • Instruction Fuzzy Hash: 5FD0123A704054DFC7149B98E0518F87BB5EBC575AB0100D5F2159B921C3625D19CB40
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 05335E7F, Relevance: .0, Instructions: 10COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 5bc269af00aa78867aeba1f1d9ae147183a2f77ba8314e5614ffc564cf7e74d4
                                                                                                                                                      • Instruction ID: b488d9c66925975c9c33d3a8f29d5c706617464143cc2ccd9b9dbbd94fad81cf
                                                                                                                                                      • Opcode Fuzzy Hash: 5bc269af00aa78867aeba1f1d9ae147183a2f77ba8314e5614ffc564cf7e74d4
                                                                                                                                                      • Instruction Fuzzy Hash: 0CC08CF3800106D7CB024EC0FE0238433A4AF9236BB4B2892A00808290E3B004C3CA08
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A93C225, Relevance: .0, Instructions: 8COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 462f806103f530d795e63e7cd30240698a3559f3884ee21002b46cc62c982ebf
                                                                                                                                                      • Instruction ID: 3f3c132f4afdb4c9b0ccc70446e8221621b3055706f4c79c5f78017daeca6e07
                                                                                                                                                      • Opcode Fuzzy Hash: 462f806103f530d795e63e7cd30240698a3559f3884ee21002b46cc62c982ebf
                                                                                                                                                      • Instruction Fuzzy Hash: 7EB092B7A4400899DB109AC4B4413EDFB30F790265F108027D22062000C23201688791
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0533FF8D, Relevance: .0, Instructions: 7COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 08edb2df616af314efcc75b2aa16b1852b325aa7f98df3f4fc73d71221b39e68
                                                                                                                                                      • Instruction ID: ebf75900a8e321012de8c373c03b8e66d48e9fe14bfea23a6170d03057b1a5ad
                                                                                                                                                      • Opcode Fuzzy Hash: 08edb2df616af314efcc75b2aa16b1852b325aa7f98df3f4fc73d71221b39e68
                                                                                                                                                      • Instruction Fuzzy Hash: 53B09B7C7005044BD344EBB294A861775DAF7F4746F51C815C141D7258CF748C15DB96
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 05335E90, Relevance: .0, Instructions: 7COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 11af864edeba573326259e5ebc697e0c22a834166108599e1fb3f640e966d5cd
                                                                                                                                                      • Instruction ID: 808689d64755901c434a1ef92aaf973c459258b9bb329adafbd2ef209cb59831
                                                                                                                                                      • Opcode Fuzzy Hash: 11af864edeba573326259e5ebc697e0c22a834166108599e1fb3f640e966d5cd
                                                                                                                                                      • Instruction Fuzzy Hash: D6B0127100020F8BC5807F90F807D4C3B5C5580B0C7441891A10D195219EF52C85878C
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 05330440, Relevance: .0, Instructions: 6COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: d2189f5a80f33b8b1b1cd2ee9a889cbb60895293226f44edab7d2dfca8b6d84b
                                                                                                                                                      • Instruction ID: 7ea4b7110032755899d9dbf30868475d356a1db2172f82e527870231bcfaa999
                                                                                                                                                      • Opcode Fuzzy Hash: d2189f5a80f33b8b1b1cd2ee9a889cbb60895293226f44edab7d2dfca8b6d84b
                                                                                                                                                      • Instruction Fuzzy Hash: 0AB002BA855205FBDF05AB70F55978837E1EBD0709F50A959D201C6020DB7E55468B02
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A934978, Relevance: .0, Instructions: 6COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 3bcf7ac97951d95a427a4a175fc8bd56c4452bd204e58822d510142b3f16a6e2
                                                                                                                                                      • Instruction ID: 1a72177ff4e72dc774e0eff26547d16a5163e05b969ee2c47f40150896e5309a
                                                                                                                                                      • Opcode Fuzzy Hash: 3bcf7ac97951d95a427a4a175fc8bd56c4452bd204e58822d510142b3f16a6e2
                                                                                                                                                      • Instruction Fuzzy Hash: 40C09270601280CFCB0ACF21C2888107B72BF4230535940DCD00D8B522C736EC8ACB00
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Non-executed Functions

                                                                                                                                                      Function 0A27AEB8, Relevance: 14.2, Strings: 11, Instructions: 439COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356259306.000000000A270000.00000040.00000001.sdmp, Offset: 0A270000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: %$@tX$|mX$nu$nu$nu$nu$nu$nu$nu$pX
                                                                                                                                                      • API String ID: 0-2558709833
                                                                                                                                                      • Opcode ID: 4dc674eb4a23d4bd85ff82d71254fdd6c1904246a838b9d7173563ece01dbd5f
                                                                                                                                                      • Instruction ID: 05ab07e9dfd886b1b8817270f7522a002d8841edb3a4533b981c31240385234a
                                                                                                                                                      • Opcode Fuzzy Hash: 4dc674eb4a23d4bd85ff82d71254fdd6c1904246a838b9d7173563ece01dbd5f
                                                                                                                                                      • Instruction Fuzzy Hash: 9B028D70A002089FDB58DFA5C854AAEBBF6FF88304F14886DD916AB355DB319D06CF91
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A279880, Relevance: 9.2, Strings: 7, Instructions: 401COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356259306.000000000A270000.00000040.00000001.sdmp, Offset: 0A270000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: |mX$nu$nu$nu$nu$nu$pX
                                                                                                                                                      • API String ID: 0-623633378
                                                                                                                                                      • Opcode ID: b9272600a8250a569ef05b7f653f42eab5fb5d37fddcb3962b71c83ef1c36eb3
                                                                                                                                                      • Instruction ID: cf113b16988385a60fc24560372d16600e51241027784daf9c38034ec4389807
                                                                                                                                                      • Opcode Fuzzy Hash: b9272600a8250a569ef05b7f653f42eab5fb5d37fddcb3962b71c83ef1c36eb3
                                                                                                                                                      • Instruction Fuzzy Hash: F5F17B34A102099FDB48EFA5D854AAEBBF6FF88304F148869D806AB354DF35DD46CB41
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 05335518, Relevance: 8.9, Strings: 7, Instructions: 115COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: ,~m$,~m$,~m$,~m$,~m$,~m$,~m
                                                                                                                                                      • API String ID: 0-3388339286
                                                                                                                                                      • Opcode ID: dd778472360aa805f28278ddc231b84c42ea9a2677efbb414ed3a6a2baed0da1
                                                                                                                                                      • Instruction ID: d6f63306f37c148dcb50f0ebff16584267efdff4add243fa4d31c0d2cc61aa87
                                                                                                                                                      • Opcode Fuzzy Hash: dd778472360aa805f28278ddc231b84c42ea9a2677efbb414ed3a6a2baed0da1
                                                                                                                                                      • Instruction Fuzzy Hash: D631A2743001045BE748A7B0ECA9B7E739FFBCA659B684C19D8038B394CF386C0257A6
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 05335952, Relevance: 8.9, Strings: 7, Instructions: 110COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.350166745.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: ,~m$,~m$,~m$,~m$,~m$,~m$,~m
                                                                                                                                                      • API String ID: 0-3388339286
                                                                                                                                                      • Opcode ID: 2a827e105e108dea6738f4950ebf2a0b5deda58ef301cc89b77d0d4aa9f18d80
                                                                                                                                                      • Instruction ID: 77ac848335389d6b4f3c18c5ec9d99c2d429fa9fc005eb08954a89caf51651a0
                                                                                                                                                      • Opcode Fuzzy Hash: 2a827e105e108dea6738f4950ebf2a0b5deda58ef301cc89b77d0d4aa9f18d80
                                                                                                                                                      • Instruction Fuzzy Hash: 6F3181383001449BE749A7B0ACA577E339FBBCA649F185819C9438B354CF386C0357A6
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A271650, Relevance: 7.7, Strings: 6, Instructions: 169COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356259306.000000000A270000.00000040.00000001.sdmp, Offset: 0A270000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: $bX$$bX$$bX$$bX$t4v$ph
                                                                                                                                                      • API String ID: 0-2310784322
                                                                                                                                                      • Opcode ID: a87b7024f8af2faaf41c02d04013e67ef006d6765fe24da5ab4f0a4b0eb18d56
                                                                                                                                                      • Instruction ID: bbce2033aa556e8ede1ddd99339ccc244fbaae3d76c6ad73bfc37cc51ed9a437
                                                                                                                                                      • Opcode Fuzzy Hash: a87b7024f8af2faaf41c02d04013e67ef006d6765fe24da5ab4f0a4b0eb18d56
                                                                                                                                                      • Instruction Fuzzy Hash: 2F51E834B302069BD7289E76849467FB7E6AF84205F144B79C502DB264EB70CE95CBD2
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A274460, Relevance: 6.7, Strings: 5, Instructions: 405COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356259306.000000000A270000.00000040.00000001.sdmp, Offset: 0A270000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: 0X$0X$4/>i$4/>i$[/l
                                                                                                                                                      • API String ID: 0-409394439
                                                                                                                                                      • Opcode ID: cfcdb2c183730493e7042f7c5c18879f451189471590fec9c21bbde134865dbf
                                                                                                                                                      • Instruction ID: 90a23332f93d642c244288ba5dfa176412a0fb6e477c269252b122895fdfc608
                                                                                                                                                      • Opcode Fuzzy Hash: cfcdb2c183730493e7042f7c5c18879f451189471590fec9c21bbde134865dbf
                                                                                                                                                      • Instruction Fuzzy Hash: 86E148347201118FCB58EF3AC59492E77EAAF8961871584B9E906CB375EF70ED02CB91
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A93C698, Relevance: 6.4, Strings: 5, Instructions: 161COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: *.vstring.Replacedf$*ssfn*$Software\Valve\SteamLogin Data$SteamPath$config
                                                                                                                                                      • API String ID: 0-2649567852
                                                                                                                                                      • Opcode ID: 30d64837aadd27de84d2e36a979d53b18cb19b81028c71b3b8b3db93d6b92d07
                                                                                                                                                      • Instruction ID: bd1b3703082c39696690a9fa08da6869708ab7259e2096243c9f8a9941f1e2dd
                                                                                                                                                      • Opcode Fuzzy Hash: 30d64837aadd27de84d2e36a979d53b18cb19b81028c71b3b8b3db93d6b92d07
                                                                                                                                                      • Instruction Fuzzy Hash: 99515F31F002088FDB44DFB8D85069EB7F6AF89304BA58979D419AB390EF75AD058B91
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A2774F0, Relevance: 5.3, Strings: 4, Instructions: 280COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356259306.000000000A270000.00000040.00000001.sdmp, Offset: 0A270000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: @tX$@tX$pX$pX
                                                                                                                                                      • API String ID: 0-481010497
                                                                                                                                                      • Opcode ID: 417d4008849796b9049160f2837418c3c575eb02674619db21e4ee2022821eee
                                                                                                                                                      • Instruction ID: 0a7d73f4f7b3b46e54153b6c84c13acf88754e9bffd4af6bbb8d95faf3cb05b5
                                                                                                                                                      • Opcode Fuzzy Hash: 417d4008849796b9049160f2837418c3c575eb02674619db21e4ee2022821eee
                                                                                                                                                      • Instruction Fuzzy Hash: 6191313072120287DB286A7B882477F76DEAFC4645F14443D9912E7394DF75CE42DBA2
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A274A18, Relevance: 5.2, Strings: 4, Instructions: 237COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356259306.000000000A270000.00000040.00000001.sdmp, Offset: 0A270000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: @tX$@tX$`v$cC
                                                                                                                                                      • API String ID: 0-3604586727
                                                                                                                                                      • Opcode ID: e6e97390ffcb7287d687762d184ac3a4b7076b3d1a8d9b2400c6d146599229cf
                                                                                                                                                      • Instruction ID: 1d9872efbd481f08f70390f7d2123755577bb671082374b92bb84fb090bf51f7
                                                                                                                                                      • Opcode Fuzzy Hash: e6e97390ffcb7287d687762d184ac3a4b7076b3d1a8d9b2400c6d146599229cf
                                                                                                                                                      • Instruction Fuzzy Hash: AD81AD35B102048FCB18EB79D454AAEB7FAEFC8214B1588A9D506DB365DF30ED05CB90
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A9303C0, Relevance: 5.2, Strings: 4, Instructions: 176COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356520261.000000000A930000.00000040.00000001.sdmp, Offset: 0A930000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: nu$nu$nu$nu
                                                                                                                                                      • API String ID: 0-1039003084
                                                                                                                                                      • Opcode ID: 5229d6bc3c1f1d9742405e4477b9e1a37c3bc3257e069b221b32249b7ec0003a
                                                                                                                                                      • Instruction ID: 4c21e671b0f42af7e68fc8395d6641d3a42e03ee0e198550c9c49dc62ff89eb8
                                                                                                                                                      • Opcode Fuzzy Hash: 5229d6bc3c1f1d9742405e4477b9e1a37c3bc3257e069b221b32249b7ec0003a
                                                                                                                                                      • Instruction Fuzzy Hash: 8A719E79B012059FC704DF69C584A6ABBFAFF85304B4AC899D949DB362CB30EC45CB91
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Function 0A27ACF8, Relevance: 5.1, Strings: 4, Instructions: 103COMMON
                                                                                                                                                      Download Yara Rule
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.356259306.000000000A270000.00000040.00000001.sdmp, Offset: 0A270000, based on PE: false
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: nu$nu$nu$nu
                                                                                                                                                      • API String ID: 0-1039003084
                                                                                                                                                      • Opcode ID: 9f5b0ee282d669e6f52e04841800fec7bb4075fb6a2c62cafdf2885072eaccba
                                                                                                                                                      • Instruction ID: cc26655aeb2cb165d78b01549433e9abc7b66886bf148d1d22b58261bd7ade64
                                                                                                                                                      • Opcode Fuzzy Hash: 9f5b0ee282d669e6f52e04841800fec7bb4075fb6a2c62cafdf2885072eaccba
                                                                                                                                                      • Instruction Fuzzy Hash: 74416A74A102068FC708DFA9C594AAEBBF6FF84214F15C87AD9159B391DB30ED05CB90
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%